FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-0797

This CVE name corresponds to:

Entered     Topic
2016-08-11  FreeBSD -- Multiple OpenSSL vulnerabilities
2016-03-14  node -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2016-0797
Phase  Assigned (20151216)

Description

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

References

Source   Reference
CONFIRM  http://openssl.org/news/secadv/20160301.txt
CONFIRM  https://git.openssl.org/?p=openssl.git;a=commit;h=c175308407858afff3fc8c2e5e085d94d12edc7d
CONFIRM  https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
CONFIRM  https://kc.mcafee.com/corporate/index?page=content&id=SB10156
SUSE     openSUSE-SU-2016:1566
BID      91787