Wind River Support Network

Description

ASN.1 BIO excessive memory allocation (CVE-2016-2109)
=====================================================

Severity: Low

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.

Any application parsing untrusted data through d2i BIO functions is affected.
The memory based functions such as d2i_X509() are *not* affected. Since the
memory based functions are used by the TLS library, TLS applications are not
affected.

This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter.
The fix was developed by Stephen Henson of the OpenSSL development team.

Other Downloads

• Wind River Linux 7.0.0.16
• Wind River Linux 7.0.0.17
• Wind River Linux 7.0.0.18
• Wind River Linux 7.0.0.19
• Wind River Linux 7.0.0.20
• Wind River Linux 7.0.0.21
• Wind River Linux 7.0.0.22
• Wind River Linux 7.0.0.23
• Wind River Linux 7.0.0.24
• Wind River Linux 7.0.0.25
• Wind River Linux 7.0.0.26
• Wind River Linux 7.0.0.27
• Wind River Linux 7.0.0.28
• Wind River Linux 7.0.0.29
• Wind River Linux 7.0.0.30
• Wind River Linux 7.0.0.31

CVEs

• CVE-2016-2109