Integer overflow in ssl3_get_client_hello() in Oracle products

#VU24 Integer overflow in ssl3_get_client_hello() in Oracle products

Cybersecurity Help s.r.o.

Published: 2016-06-24 | Updated: 2017-01-11

Vulnerability identifier: #VU24

Vulnerability risk: Medium

CVSSv3.1: 4.6 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2177

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software
Oracle Solaris
Operating systems & Components / Operating system
Oracle Linux
Operating systems & Components / Operating system
Oracle VM VirtualBox
Server applications / Virtualization software
Oracle VM Server for x86
Server applications / Other server solutions

Vendor: OpenSSL Software Foundation
Oracle

Description
The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

Mitigation
The vendor has issued a source code fix, available at:

https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7

Vulnerable software versions

OpenSSL: 1.0.2c - 1.0.2

Oracle Solaris: 10 - 11.3

Oracle VM VirtualBox: 5.0.25 - 5.0.27, 5.1.7

Oracle VM Server for x86: 3.2 - 3.4

Oracle Linux: 5 - 7

External links
http://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html