FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- denial of service

Affected packages
openssl < 1.0.2_14

Details

VuXML ID 0ca24682-3f03-11e6-b3c8-14dae9d210b8
Discovery 2016-06-01
Entry 2016-06-30

Mitre reports:

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

References

CVE Name CVE-2016-2177
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
URL https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
URL ihttps://bugzilla.redhat.com/show_bug.cgi?id=1341705