Advisory ID

12448

Release date

2016-05-11

Last Updated

2015-05-11

Issue Severity

None

Source

Source

openSSL.org

Release date

2016-05-03

CVSS v2 Base Score

7.8 (High)

Problem Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Find out more about CVE-2016-2109 from MITRE CVE directory and NIST NVD.

Impact

This vulnerability has no impact on FoxT products.

Affected Products

None.

Workaround

N/A

Obtaining Fixed Software

N/A

External References

OpenSSL Security Advisory










Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018