SB2016090301 - Out-of-bounds memory read in openssl (Alpine package)
Published: September 3, 2016 Updated: March 6, 2023
Security Bulletin ID
SB2016090301
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2016-2180)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=a879e6eaf315a19b45fd424f12f9bf072b168946
- https://git.alpinelinux.org/aports/commit/?id=be71850614d4346dc7cd2243591ca908f4475a1d
- https://git.alpinelinux.org/aports/commit/?id=8746cdf19bfe0283af734bf672d1c69b6e4d93b3
- https://git.alpinelinux.org/aports/commit/?id=b4ea58d763919cb6dec1f4fb4a0bb51378861172
- https://git.alpinelinux.org/aports/commit/?id=ecfc04f3961ec4ffa2c972bd72253ba1a03a3c1e