VDB

ALPINE-CVE-2016-2177

ALPINE-CVE-2016-2177 PUBLISHED CVSS 9.800000190734863 CRITICAL

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Risk Scores

CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.8openssl0.9.8i-r0, 0.9.8j-r0, 0.9.8k-r0
Alpine:v3.2openssl1.0.1j-r0, 1.0.1k-r0, 1.0.2
Alpine:v3.3openssl0.9.8, 0, 0.9.8i-r0
Alpine:v3.4openssl1.0.0b-r0, 1.0.0c-r0, 1.0.0d-r0
Alpine:v3.5openssl1.0.1g-r1, 0, 0.9.8i-r0
Alpine:v3.7openssl*, 1.0.2, 1.0.2
Alpine:v3.6openssl0.9.8i-r0, 1.0.2, 1.0.2

Timeline

  • Jun 20, 2016 CVE Published
  • Nov 19, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›