Advisory ID

12443

Release date

2016-05-10

Last Updated

2016-05-10

Issue Severity

-

 

Source

Source

USCERT/NIST

Release date

2016-05-06

CVSS v2 Base Score

5.0 (MEDIUM)

Problem Description

 

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

 

Find out more about CVE-2016-2105 from MITRE CVE directory and NIST NVD.

Impact

BoKS is not vulnerable since the EVP_EncodeUpdate function is only used on internally generated trusted data.

Affected Products

No FoxT product is affected by this vulnerability.

Workaround

N/A

Obtaining Fixed Software

N/A

External References

OpenSSL Security Advisory











Last Modified On: April 16, 2019