Advisory ID: 12762
Release date: 20160926
Last Updated: 20160926
Issue Severity: None

Source

Source: openssl.org
Release date: 20160922
CVSS v2 Base Score: Low

Problem Description

The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an out-of-bounds (OOB) write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL from an untrusted source is printed out. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
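The defect class described above, shown on a simplified model of a decimal-conversion loop that checks the division helper's return value and bounds the scratch buffer before each write. This is an added example, not OpenSSL or FoxT code; div_word(), to_dec(), the 32-bit limb layout and the MAX_CHUNKS limit are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEC_CONV   1000000000u     /* 10^9: each chunk holds 9 decimal digits */
#define DIV_ERR    ((uint32_t)-1)  /* error sentinel; a real remainder is < 10^9 */
#define MAX_CHUNKS 4               /* assumed scratch capacity: at most 36 digits */

/* Divide the little-endian number n[0..len) by w in place. Returns the
 * remainder, or DIV_ERR on failure (in this model: NULL input or w == 0). */
static uint32_t div_word(uint32_t *n, size_t len, uint32_t w)
{
    uint64_t rem = 0;
    if (n == NULL || w == 0) return DIV_ERR;
    for (size_t i = len; i-- > 0;) {
        uint64_t cur = (rem << 32) | n[i];
        n[i] = (uint32_t)(cur / w);
        rem = cur % w;
    }
    return (uint32_t)rem;
}

static int is_zero(const uint32_t *n, size_t len)
{
    while (len-- > 0)
        if (n[len] != 0) return 0;
    return 1;
}

/* Write n in decimal to out (n is consumed). Returns 0 on success, -1 on error. */
int to_dec(uint32_t *n, size_t len, char *out, size_t outlen)
{
    uint32_t chunks[MAX_CHUNKS];
    size_t used = 0, pos = 0;
    do {
        uint32_t r = div_word(n, len, DEC_CONV);
        if (r == DIV_ERR) return -1;      /* check 1: never store the error value */
        if (used == MAX_CHUNKS) return -1; /* check 2: stop before writing past chunks[] */
        chunks[used++] = r;
    } while (!is_zero(n, len));
    while (used-- > 0) {  /* most significant chunk first, later chunks zero-padded */
        int w = snprintf(out + pos, outlen - pos, "%0*u", pos ? 9 : 1,
                         (unsigned)chunks[used]);
        if (w < 0 || (size_t)w >= outlen - pos) return -1; /* caller buffer too small */
        pos += (size_t)w;
    }
    return 0;
}
```

Without the two checks in the loop, an input needing more than MAX_CHUNKS chunks would write past the end of chunks[], which is the kind of out-of-bounds write the advisory describes.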

 

Impact

None.

 

Affected Products

None. No FoxT products use the affected function with untrusted data.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory





Last Modified On: April 16, 2019