The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHP Icewall Federation Agent
APPHp3.0HP Icewall Mcrp
APPHp3.0HP Icewall Sso
APPHp10.0HP Icewall Sso Agent Option
APPHp10.0OpenSSL
APPOpenssl1.0.11.0.1a1.0.1b1.0.1c1.0.1d1.0.1e1.0.1f1.0.1g1.0.1h1.0.1i1.0.1j1.0.1k1.0.1l1.0.1m1.0.1n+ 15 więcejOracle Linux
OSOracle567
Powiązane podatności
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...
OpenSSL CMS AuthEnvelopedData — niewystarczająca walidacja wejścia umożliwia atak oracle i bypass integralnośc...
OpenSSL: heap buffer overflow przy konwersji OCTET STRING na hex (32-bit)