Home CVE Database CVE-2016-0797

CVE-2016-0797

Description

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.CWE-190: Integer Overflow or Wraparound CWE-476: NULL Pointer Dereference

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Mar 3, 2016
Related ID: --
CVSS v2: High
Modified Date: Mar 7, 2016

Find out more about CVE-2016-0797 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

openssl

Live chat
Online