- Home
- CVEs with nessus.description==Several vulnerabilities were discovered in OpenSSL, a Secure Socket
Layer toolkit.
- CVE-2016-2105
Guido Vranken discovered that an overflow can occur in
the function EVP_EncodeUpdate(), used for Base64
encoding, if an attacker can supply a large amount of
data. This could lead to a heap corruption.
- CVE-2016-2106
Guido Vranken discovered that an overflow can occur in
the function EVP_EncryptUpdate() if an attacker can
supply a large amount of data. This could lead to a heap
corruption.
- CVE-2016-2107
Juraj Somorovsky discovered a padding oracle in the AES
CBC cipher implementation based on the AES-NI
instruction set. This could allow an attacker to decrypt
TLS traffic encrypted with one of the cipher suites
based on AES CBC.
- CVE-2016-2108
David Benjamin from Google discovered that two separate
bugs in the ASN.1 encoder, related to handling of
negative zero integer values and large universal tags,
could lead to an out-of-bounds write.
- CVE-2016-2109
Brian Carpenter discovered that when ASN.1 data is read
from a BIO using functions such as d2i_CMS_bio(), a
short invalid encoding can cause allocation of large
amounts of memory potentially consuming excessive
resources or exhausting memory.
Additional information about these issues can be found in the OpenSSL
security advisory at https://www.openssl.org/news/secadv/20160503.txt
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top