CVE-2016-2177 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-30	lib32-openssl	1:1.0.2.h-1	1:1.0.2.i-1	High	Fixed
AVG-29	openssl	1.0.2.h-1	1.0.2.i-1	High	Fixed	FS#49616

Date	Advisory	Group	Package	Severity	Type
26 Sep 2016	ASA-201609-24	AVG-30	lib32-openssl	High	multiple issues
26 Sep 2016	ASA-201609-23	AVG-29	openssl	High	multiple issues

References
http://seclists.org/oss-sec/2016/q2/500 https://www.openssl.org/news/secadv/20160922.txt