Advisory ID

12763

Release date

20160926

Last Updated

20160926

Issue Severity

None

Source

Source

openssl.org

Release date

20160922

CVSS v2 Base Score

Low

Problem Description

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
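The return-value mistake described above, as an added example that is not OpenSSL or BoKS code. `oid_to_text()` is a hypothetical stand-in that follows the contract stated in the description (it returns the length the full OID text would need, not the bytes stored); `write_len()`, `TXT_SIZE` and the sample OID are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TXT_SIZE 128 /* assumed size of the on-stack text buffer */

/* Hypothetical stand-in with the return-value contract the advisory describes:
 * fills buf (truncated, NUL-terminated) and returns the length the complete
 * dotted text would need, which can exceed what was stored. */
static int oid_to_text(char *buf, size_t buf_len, const unsigned *arcs, size_t n)
{
    size_t total = 0;
    if (buf_len > 0)
        buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char piece[16];
        size_t plen = (size_t)snprintf(piece, sizeof(piece), i ? ".%u" : "%u", arcs[i]);
        if (total + 1 < buf_len) {            /* room left before the NUL */
            size_t room = buf_len - 1 - total;
            size_t c = plen < room ? plen : room;
            memcpy(buf + total, piece, c);
            buf[total + c] = '\0';
        }
        total += plen;                        /* keep counting past the end */
    }
    return (int)total;
}

/* Constructed sample: an OID of n arcs, each 113549. Returns the byte count a
 * caller would hand to its write call: checked=0 trusts the return value
 * (flawed), checked=1 uses only what is actually in the buffer (corrected). */
static size_t write_len(size_t n, int checked)
{
    unsigned arcs[64];
    char txt[TXT_SIZE];
    if (n > 64)
        n = 64;
    for (size_t i = 0; i < n; i++)
        arcs[i] = 113549;
    int ret = oid_to_text(txt, sizeof(txt), arcs, n);
    return checked ? strlen(txt) : (size_t)ret;
}

int main(void)
{
    printf("short OID: flawed=%zu corrected=%zu\n", write_len(4, 0), write_len(4, 1));
    printf("large OID: flawed=%zu corrected=%zu (buffer %d)\n",
           write_len(40, 0), write_len(40, 1), TXT_SIZE);
    return 0;
}
```

For the short OID both lengths agree; for the large one the flawed length exceeds the buffer size, which is the condition that leads to the out-of-bounds read.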

Impact

None.

Affected Products

None - the affected function is used internally in BoKS Manager but only with internally produced trusted data.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory





Last Modified On: May 25, 2018