Wind River Support Network


LIN7-6065 : Security Advisory - OpenSSL - CVE-2016-2109

Created: May 3, 2016    Updated: Sep 8, 2018
Resolved Date: May 5, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


ASN.1 BIO excessive memory allocation (CVE-2016-2109)

Severity: Low

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.

Any application parsing untrusted data through d2i BIO functions is affected.
The memory based functions such as d2i_X509() are *not* affected. Since the
memory based functions are used by the TLS library, TLS applications are not

This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter.
The fix was developed by Stephen Henson of the OpenSSL development team.

Other Downloads


Live chat