| Type | Denial of service |
In OpenSSL 1.0.2 and earlier, some missing message length checks can result in out-of-bounds (OOB) reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk, but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result, the attack can only be performed against a client, or against a server which enables client authentication.
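An added example (not OpenSSL's code and not from the advisory) of the kind of length check described above, applied to a TLS 1.2 style certificate list, where every length field is 3 bytes. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read a 24-bit big-endian length only if 3 bytes really remain.
 * Without this check, 1 remaining byte means reading 2 bytes past the buffer. */
static int read_u24(const uint8_t *p, size_t remaining, size_t *out)
{
    if (remaining < 3)
        return 0;
    *out = ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | (size_t)p[2];
    return 1;
}

/* Walk a certificate list: u24 total length, then repeated (u24 length, data).
 * Returns the number of entries, or -1 if a length disagrees with msg_len. */
int count_cert_entries(const uint8_t *msg, size_t msg_len)
{
    size_t list_len, cert_len, off = 3;
    int count = 0;

    if (!read_u24(msg, msg_len, &list_len) || list_len != msg_len - 3)
        return -1;
    while (off < msg_len) {
        if (!read_u24(msg + off, msg_len - off, &cert_len))
            return -1;                      /* truncated length field */
        off += 3;
        if (cert_len == 0 || cert_len > msg_len - off)
            return -1;                      /* entry runs past the message */
        off += cert_len;
        count++;
    }
    return count;
}

/* Constructed sample messages (placeholder bytes, not real certificates). */
static const uint8_t SAMPLE_OK[] =
    { 0, 0, 9,  0, 0, 2, 0xAA, 0xBB,  0, 0, 1, 0xCC };
static const uint8_t SAMPLE_TRUNCATED[] =      /* 1 stray byte where a u24 belongs */
    { 0, 0, 6,  0, 0, 2, 0xAA, 0xBB,  0 };

int main(void)
{
    int ok  = count_cert_entries(SAMPLE_OK, sizeof SAMPLE_OK) == 2;
    int bad = count_cert_entries(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED) == -1;
    return (ok && bad) ? 0 : 1;
}
```
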
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |