VDB
GCVE-110-MAGEIA-2016-169
GCVE-110-MAGEIA-2016-169
Advisory Published
An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. If an attacker is able to supply very
large amounts of input data then a length check can overflow resulting in
a heap corruption (CVE-2016-2105).
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
is able to supply very large amounts of input data after a previous call
to EVP_EncryptUpdate() with a partial block then a length check can
overflow resulting in a heap corruption (CVE-2016-2106).
A MITM attacker can use a padding oracle attack to decrypt traffic when
the connection uses an AES CBC cipher and the server support AES-NI
(CVE-2016-2107).
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory
(CVE-2016-2109)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | openssl | * (unaffected), 0 (affected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.