[openssl-dev] CVE-2016-2177

Philip Bellino pbellino at mrv.com
Tue Jun 28 12:02:19 UTC 2016


Hello,
Will you be releasing 1.0.2i soon to address this issue?

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177


openssl -- openssl

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.


Thanks,
Phil
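
Added example, not part of the original post and not OpenSSL's own code: the bounds-check pattern the CVE description refers to, next to a form that compares against the bytes remaining instead. All function names are hypothetical, the addresses and buffers are constructed, and addresses are modelled as `uintptr_t` so the wraparound is well defined in the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* Flawed pattern: add the untrusted length to the cursor, then compare.
 * Addresses are modelled as uintptr_t so the wraparound is well defined here;
 * with real pointers, forming p + len past the buffer is undefined behaviour. */
static int fits_by_addition(uintptr_t p, uintptr_t limit, size_t len)
{
    return p + len <= limit;            /* p + len can wrap past zero */
}

/* Hardened pattern: compare the length against the bytes remaining.
 * limit >= p is an invariant of the parser, so limit - p cannot wrap. */
static int fits_by_remaining(uintptr_t p, uintptr_t limit, size_t len)
{
    return len <= (size_t)(limit - p);
}

/* Same hardened check with real pointers: read a 1-byte length-prefixed
 * field from buf[0..buflen). Returns the field length, or -1 if truncated. */
static int read_field(const unsigned char *buf, size_t buflen,
                      const unsigned char **field)
{
    const unsigned char *p = buf, *limit = buf + buflen;
    size_t len;

    if (limit - p < 1)
        return -1;
    len = *p++;
    if ((size_t)(limit - p) < len)      /* never computes p + len */
        return -1;
    *field = p;
    return (int)len;
}

/* Constructed case: a 32-byte buffer placed 64 bytes below the top of the
 * address space, and a claimed length of 100. Returns 1 when the additive
 * check accepts the length while the remaining-bytes check rejects it. */
static int demo_wraps(void)
{
    uintptr_t p = UINTPTR_MAX - 63, limit = p + 32;
    return fits_by_addition(p, limit, 100) && !fits_by_remaining(p, limit, 100);
}
```

The additive check only misbehaves when the allocator returns a buffer close to the top of the address space, which is why the description mentions unexpected malloc behavior.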
