[openssl-users] CVE-2016-2180

sivagopiraju sivagopi059 at gmail.com
Thu Aug 25 08:21:40 UTC 2016


I am using openssl-1.0.0e in my product. Here i want to know that OpenSSL is
CVE-2016-2180 vulnerable or not.

https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a?diff=unified
In this page showing some information about CVE-2016-2180 vulnerability.

Actually i read some information from the internet that, to reproduce this
vulnerability need to "*create specially crafted time stamp file and used
with the "openssl ts"*" command. How to create "specially crafted time stamp
file". 

In the CVE-2016-2180 vulnerability talk about TS_OBJ_print_bio function
creating the crash. This function is present in the openssl i have.

Is there any patch available for this vulnerability.




--
View this message in context: http://openssl.6102.n7.nabble.com/CVE-2016-2180-tp68032.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


More information about the openssl-users mailing list