OpenSSL TS_OBJ_print_bio Function Denial of Service Vulnerability (CVE-2016-2180)
Release date:
Updated on: 2016-08-02
Affected Systems:
OpenSSL Project OpenSSL < 1.0.2h
Description:
CVE (CAN) ID: CVE-2016-2180
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c, part of the X.509 Public Key Infrastructure Time-Stamp Protocol implementation in OpenSSL < 1.0.2h, has a security vulnerability. Remote attackers can cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is processed by the "openssl ts" command.
<* Source: Huzaifa S. Sidhpurwala
*>
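An added example, not code from OpenSSL or from the original advisory: the linked fix commit attributes the out-of-bounds read to TS_OBJ_print_bio passing the return value of OBJ_obj2txt() to BIO_write() as the length, although that value is the full length of the OID text rather than the number of bytes stored in the buffer. The sketch below shows the clamp that avoids this pattern; oid_to_text, safe_write_len, render_oid_clamped, the 16-byte buffer and the sample OID are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for OBJ_obj2txt(): writes the dotted form of an OID
 * into buf, truncated to buflen-1 bytes plus NUL, and returns the length the
 * FULL text needs, which can be larger than what was stored. */
static int oid_to_text(char *buf, size_t buflen, const unsigned long *arcs, size_t n)
{
    size_t total = 0;
    if (buflen > 0) buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char part[32];
        int k = snprintf(part, sizeof(part), "%s%lu", i ? "." : "", arcs[i]);
        if (total + 1 < buflen) {               /* copy only what still fits */
            size_t room = buflen - 1 - total;
            size_t c = (size_t)k < room ? (size_t)k : room;
            memcpy(buf + total, part, c);
            buf[total + c] = '\0';
        }
        total += (size_t)k;
    }
    return (int)total;
}

/* Bytes that were really stored by a call that returned ret. */
static size_t safe_write_len(int ret, size_t buflen)
{
    if (ret <= 0 || buflen == 0) return 0;
    return (size_t)ret < buflen ? (size_t)ret : buflen - 1;
}

/* Renders an OID through a 16-byte buffer (constructed to force truncation)
 * and copies it out with the clamped length; using *reported would overread. */
static size_t render_oid_clamped(const unsigned long *arcs, size_t n, char *out, int *reported)
{
    char obj_txt[16];
    *reported = oid_to_text(obj_txt, sizeof(obj_txt), arcs, n);
    size_t w = safe_write_len(*reported, sizeof(obj_txt));
    memcpy(out, obj_txt, w);
    out[w] = '\0';
    return w;
}
int main(void)
{
    unsigned long arcs[] = {1, 2, 840, 113549, 1, 9, 16, 1, 4}; /* constructed */
    char out[64]; int reported;
    size_t w = render_oid_clamped(arcs, 9, out, &reported);
    printf("reported=%d written=%zu text=%s\n", reported, w, out);
    return 0;
}
```

The gap between the reported length and the written length is the number of bytes an unclamped write would read past the end of the buffer.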
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
https://bugzilla.redhat.com/show_bug.cgi?id=1359615