CVE-2016-2177

Published: 19 June 2016

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
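
The bug class described above, as an added example that is not OpenSSL's code: a bounds check written as "p + len > limit" can be defeated when the addition wraps, while comparing the length against the bytes remaining cannot. The function names and the addresses are constructed for illustration, and addresses are modelled as integers so the wraparound is well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses are modelled as uintptr_t so the wraparound below is well-defined
 * unsigned arithmetic; the same overflow on real pointers is undefined
 * behaviour. All names and values here are constructed for illustration. */

/* Flawed pattern: reject only if "p + len > limit". Returns 1 when the
 * length is accepted as in bounds. */
int accepts_flawed(uintptr_t p, uintptr_t limit, size_t len)
{
    return !(p + (uintptr_t)len > limit);   /* p + len can wrap past zero */
}

/* Corrected pattern: compare len with the bytes remaining (needs p <= limit). */
int accepts_fixed(uintptr_t p, uintptr_t limit, size_t len)
{
    return !((size_t)(limit - p) < len);
}

/* The corrected check on real pointers into one buffer. */
int in_bounds(const unsigned char *p, const unsigned char *limit, size_t len)
{
    return (size_t)(limit - p) >= len;
}

int main(void)
{
    /* Constructed case: a 0x100-byte buffer mapped near the top of memory. */
    uintptr_t p = UINTPTR_MAX - 0xFFF, limit = p + 0x100;
    size_t lens[] = { 0x80, 0x101, 0x2000 };
    unsigned char buf[16];

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=0x%zx flawed=%d fixed=%d\n", lens[i],
               accepts_flawed(p, limit, lens[i]),
               accepts_fixed(p, limit, lens[i]));
    printf("real buffer: len 16 -> %d, len 17 -> %d\n",
           in_bounds(buf, buf + sizeof buf, 16),
           in_bounds(buf, buf + sizeof buf, 17));
    return 0;
}
```

Only the largest length separates the two checks: the sum wraps to a small value, so the flawed comparison accepts a length far beyond the buffer.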

Priority

Low

CVSS 3 base score: 9.8

Status

Package: openssl (Launchpad, Ubuntu, Debian)

Release    Status
artful     Released (1.0.2g-1ubuntu9)
bionic     Released (1.0.2g-1ubuntu9)
cosmic     Released (1.0.2g-1ubuntu9)
disco      Released (1.0.2g-1ubuntu9)
precise    Released (1.0.1-4ubuntu5.39)
trusty     Released (1.0.1f-1ubuntu2.22)
upstream   Released (1.0.2i, 1.0.1u)
wily       Ignored (reached end-of-life)
xenial     Released (1.0.2g-1ubuntu4.4)
yakkety    Released (1.0.2g-1ubuntu9)
zesty      Released (1.0.2g-1ubuntu9)

Patches:
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 (1.0.2)
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=89c2720298f875ac80777da2da88a64859775898 (bp)
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=e4840c88c516d959785fcd842d8658d3b7a6ae43 (bp)
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=f141376ae2892b59f2b1af94204f925832f8dc3a (bp)
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=6f35f6deb5ca7daebe289f86477e061ce3ee5f46 (1.0.1)

Package: openssl098 (Launchpad, Ubuntu, Debian)

Release    Status
artful     Does not exist
bionic     Does not exist
cosmic     Does not exist
disco      Does not exist
precise    Does not exist (precise was needs-triage)
trusty     Does not exist (trusty was needs-triage)
upstream   Needs triage
wily       Does not exist
xenial     Does not exist
yakkety    Does not exist
zesty      Does not exist