The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
AV:N/AC:L/Au:N/C:N/I:N/A:C
| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | COMPLETE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | en: CWE-399 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| openssl | openssl | * | | Application |
| openssl | openssl | 1.0.2 | | Application |
| openssl | openssl | 1.0.2 | | Application |
| openssl | openssl | 1.0.2 | | Application |
| openssl | openssl | 1.0.2 | | Application |
| openssl | openssl | 1.0.2a | | Application |
| openssl | openssl | 1.0.2b | | Application |
| openssl | openssl | 1.0.2c | | Application |
| openssl | openssl | 1.0.2d | | Application |
| openssl | openssl | 1.0.2e | | Application |
| openssl | openssl | 1.0.2f | | Application |
| openssl | openssl | 1.0.2g | | Application |
| redhat | enterprise_linux_desktop | 7.0 | | Operating System |
| redhat | enterprise_linux_hpc_node | 7.0 | | Operating System |
| redhat | enterprise_linux_hpc_node_eus | 7.2 | | Operating System |
| redhat | enterprise_linux_server | 7.0 | | Operating System |
| redhat | enterprise_linux_server_aus | 7.2 | | Operating System |
| redhat | enterprise_linux_server_eus | 7.2 | | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | | Operating System |
| redhat | enterprise_linux_desktop | 6.0 | | Operating System |
| redhat | enterprise_linux_hpc_node | 6.0 | | Operating System |
| redhat | enterprise_linux_server | 6.0 | | Operating System |
| redhat | enterprise_linux_workstation | 6.0 | | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |