Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
CVE-2016-0705 - Critical Severity Vulnerability
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: 3fbbb063388e28edaf82a166f24d4ce71e0b1514
Found in base branch: master
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Publish Date: 2016-03-03
URL: CVE-2016-0705
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0705
Release Date: 2016-03-03
Fix Resolution: 1.0.1s,1.0.2g
Step up your Open Source Security Game with Mend here