CVSS v2 Base Score
Integer overflow in the EVP_EncodeUpdate function in cryoto/evp/encode.c in OpenSSL before 1.o.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Find out more about CVE-2016-2105 from MITRE CVE directory and NIST NVD.
BoKS is not vulnerable since the EVP_EncodeUpdate function is only on internally generated trusted data.
No FoxT product is affected by this vulnerability.
Still have questions? We can help. Submit a case to Technical Support.