pazhanivel07 / OpenSSL_1_0_1g_AfterPatch

Other
0 stars 0 forks source link

CVE-2016-0797 (High) detected in opensslOpenSSL_1_0_2za #57

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2016-0797 - High Severity Vulnerability

Vulnerable Library - opensslOpenSSL_1_0_2za

TLS/SSL and crypto library

Library home page: https://github.com/openssl/openssl.git

Found in base branch: master

Vulnerable Source Files (1)

/crypto/bn/bn.h

Vulnerability Details

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

Publish Date: 2016-03-03

URL: CVE-2016-0797

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0797

Release Date: 2016-03-03

Fix Resolution: 1.0.1s,1.0.2g


Step up your Open Source Security Game with Mend here