CVE-2016-2182 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-30 | lib32-openssl | 1:1.0.2.h-1 | 1:1.0.2.i-1 | High | Fixed | |
| AVG-29 | openssl | 1.0.2.h-1 | 1.0.2.i-1 | High | Fixed | FS#49616 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |
| References |
|---|
https://www.openssl.org/news/secadv/20160922.txt |