← back
CVE-2016-2177

CVE-2016-2177

EPSS 44.5%
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html