OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | en: CWE-190 |

| Vendor | Product | Version | Type |
|---|---|---|---|
| hp | icewall_mcrp | 3.0 | Application |
| hp | icewall_sso | 10.0 | Application |
| hp | icewall_sso | 10.0 | Application |
| hp | icewall_sso_agent_option | 10.0 | Application |
| openssl | openssl | 1.0.1 | Application |
| openssl | openssl | 1.0.1a | Application |
| openssl | openssl | 1.0.1b | Application |
| openssl | openssl | 1.0.1c | Application |
| openssl | openssl | 1.0.1d | Application |
| openssl | openssl | 1.0.1e | Application |
| openssl | openssl | 1.0.1f | Application |
| openssl | openssl | 1.0.1g | Application |
| openssl | openssl | 1.0.1h | Application |
| openssl | openssl | 1.0.1i | Application |
| openssl | openssl | 1.0.1j | Application |
| openssl | openssl | 1.0.1k | Application |
| openssl | openssl | 1.0.1l | Application |
| openssl | openssl | 1.0.1m | Application |
| openssl | openssl | 1.0.1n | Application |
| openssl | openssl | 1.0.1o | Application |
| openssl | openssl | 1.0.1p | Application |
| openssl | openssl | 1.0.1q | Application |
| openssl | openssl | 1.0.1r | Application |
| openssl | openssl | 1.0.1s | Application |
| openssl | openssl | 1.0.1t | Application |
| openssl | openssl | 1.0.2 | Application |
| openssl | openssl | 1.0.2a | Application |
| openssl | openssl | 1.0.2b | Application |
| openssl | openssl | 1.0.2c | Application |
| openssl | openssl | 1.0.2d | Application |
| openssl | openssl | 1.0.2e | Application |
| openssl | openssl | 1.0.2f | Application |
| openssl | openssl | 1.0.2g | Application |
| openssl | openssl | 1.0.2h | Application |
| oracle | linux | 5 | Operating System |
| oracle | linux | 6 | Operating System |
| oracle | linux | 7 | Operating System |
| oracle | solaris | 10 | Operating System |
| oracle | solaris | 11.3 | Operating System |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:* |
| Yes | cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:* |
| Yes | cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* |