OpenSSL Buffer Overflow Denial of Service Vulnerability (CVE-2016-2177)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <= 1.0.2h
Description:
CVE (CAN) ID: CVE-2016-2177
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
In OpenSSL <= 1.0.2h, pointers are used incorrectly in heap-buffer boundary checks. Remote attackers can exploit this vulnerability to cause a denial of service (DoS).
<* Source: Adam Mariš *>
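The following added example (not OpenSSL's code and not part of the original advisory) illustrates the class of boundary check the description refers to: a check that forms `p + len` before comparing it with the end of the buffer, next to a form that compares `len` with the bytes remaining. All function names, the buffer size and the base address are hypothetical; the unsafe variant is modelled on integers so that the wraparound, which is undefined behaviour with real pointers, can be observed safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe idiom: "if (p + len > limit) reject". With real pointers, forming
 * p + len past the end of the allocation is undefined behaviour. The
 * addresses are modelled as uintptr_t here so the wraparound is well
 * defined and can be observed. Returns 1 if the check lets len through. */
static int accepts_unsafe(uintptr_t p, uintptr_t limit, size_t len)
{
    return !(p + (uintptr_t)len > limit);
}

/* Safe form: compare len with the bytes remaining. limit - p is a valid,
 * non-negative difference when p <= limit and both point into the buffer. */
static int accepts_safe(const unsigned char *p, const unsigned char *limit,
                        size_t len)
{
    return p <= limit && len <= (size_t)(limit - p);
}

/* Constructed scenario: 64-byte buffer, cursor at offset 16, so 48 bytes
 * remain. base is a made-up address used only for the unsafe model. */
static int demo_unsafe(size_t len)
{
    const uintptr_t base = 0x1000;
    return accepts_unsafe(base + 16, base + 64, len);
}

static int demo_safe(size_t len)
{
    static unsigned char buf[64];
    return accepts_safe(buf + 16, buf + 64, len);
}

int main(void)
{
    const size_t lens[] = { 48, 49, SIZE_MAX - 8 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%zu unsafe=%d safe=%d\n", lens[i],
               demo_unsafe(lens[i]), demo_safe(lens[i]));
    return 0;
}
```

Both checks agree on in-range and slightly oversized lengths; only the very large length shows the difference, because the sum wraps below the limit in the unsafe form.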
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://bugzilla.redhat.com/show_bug.cgi?id=1341705
https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7