Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.<a href=http://cwe.mitre.org/data/definitions/190.html>CWE-190: Integer Overflow or Wraparound</a> <a href=http://cwe.mitre.org/data/definitions/476.html>CWE-476: NULL Pointer Dereference</a>
Find out more about CVE-2016-0797 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 8 | Fixed |
LIN8-2888 |
8.0.0.3 | -- |
| Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 7 | Fixed | -- | 7.0.0.14 | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
| Wind River Linux 6 | Fixed | -- | 6.0.0.29 | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Fixed |
V7SEC-1476 |
openSSL-1.0.7.0 | -- |
| VxWorks 6.9 | Fixed |
VXW6-85377 |
6.9.4.8 |
Wind River VxWorks 20160301 Security Alert for openssl VxWorks 6.9 source patch for Defect VXW6-85377 Service Pack 8 for VxWorks 6.9.4 and VxWorks Edition 6.9.4 Platforms |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| eLxr | ||||
| eLxr 12 | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|
