CVE-2016-2180

Severity Low
Remote Yes
Type Denial of service
Description
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
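The return-value confusion described above, as an added C example (not OpenSSL's code and not part of the original advisory): `oid_to_text()` is a hypothetical stand-in that follows the same "returns the length that would be needed" convention, and `BUF_SIZE` and the OID arcs are constructed values. The two helpers only compute the length a caller would hand to its output routine; no oversized read is performed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* constructed buffer size for this demo */

/* Hypothetical stand-in for OBJ_obj2txt(): writes truncated, NUL-terminated
 * dotted OID text into buf and returns the length the FULL text would need. */
static int oid_to_text(char *buf, size_t buflen,
                       const unsigned long *arcs, size_t n)
{
    size_t total = 0;
    if (buflen > 0) buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char tmp[32];
        int len = snprintf(tmp, sizeof tmp, i ? ".%lu" : "%lu", arcs[i]);
        if (total < buflen) { /* copy only what still fits */
            size_t room = buflen - 1 - total;
            size_t c = (size_t)len < room ? (size_t)len : room;
            memcpy(buf + total, tmp, c);
            buf[total + c] = '\0';
        }
        total += (size_t)len;
    }
    return (int)total;
}

/* Flawed pattern: the return value is taken as the number of bytes to
 * output, so a long OID yields a length larger than the buffer. */
static size_t output_len_unchecked(const unsigned long *arcs, size_t n)
{
    char buf[BUF_SIZE];
    return (size_t)oid_to_text(buf, sizeof buf, arcs, n);
}

/* Corrected pattern: never output more than the buffer really holds. */
static size_t output_len_checked(const unsigned long *arcs, size_t n)
{
    char buf[BUF_SIZE];
    int len = oid_to_text(buf, sizeof buf, arcs, n);
    return (size_t)len < sizeof buf ? (size_t)len : strlen(buf);
}

int main(void)
{
    const unsigned long oid[] = {1, 2, 840, 113549, 1, 9, 16, 1, 4}; /* constructed */
    printf("buffer=%d unchecked=%zu checked=%zu\n", BUF_SIZE,
           output_len_unchecked(oid, 9), output_len_checked(oid, 9));
    return 0;
}
```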
Group   Package        Affected      Fixed        Severity  Status  Ticket
AVG-30  lib32-openssl  1:1.0.2.h-1   1:1.0.2.i-1  High      Fixed
AVG-29  openssl        1.0.2.h-1     1.0.2.i-1    High      Fixed   FS#49616
Date         Advisory       Group   Package        Severity  Description
26 Sep 2016  ASA-201609-24  AVG-30  lib32-openssl  High      multiple issues
26 Sep 2016  ASA-201609-23  AVG-29  openssl        High      multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt