SB2016081301 - Multiple vulnerabilities in OpenSSL
Published: August 13, 2016 Updated: February 27, 2025
Security Bulletin ID
SB2016081301
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)
The vulnerability allows a remote attacker to cause denial of service conditions on the target system.The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
2) Out-of-bounds read (CVE-ID: CVE-2016-2180)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.
Remediation
Install update from vendor's website.
References
- https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2180