OpenSSL SRP_VBASE_get_by_user Memory leakage (CVE-2016-0798)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <= 1.0.2
OpenSSL Project OpenSSL <= 1.0.1
Unaffected Systems:
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.1s
Description:
CVE (CAN) ID: CVE-2016-0798
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
In OpenSSL 1.0.2 and earlier versions and 1.0.1 and earlier versions, the SRP user database lookup function SRP_VBASE_get_by_user has a memory management problem that may cause a memory leak.
<* Source: Emilia Käsper
Link: https://www.openssl.org/news/secadv/20160301.txt
*>
Suggestion:
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has released a security advisory (20160301) and corresponding patches for this issue:
20160301: OpenSSL Security Advisory [1st March 2016]
Link: https://www.openssl.org/news/secadv/20160301.txt
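As an added example (not part of the original advisory and not OpenSSL project code), the following Python sketch classifies a version string, in the format printed by `openssl version`, against the fixed releases listed above. The function names and sample strings are constructed for illustration, and branches this page does not list are reported as not covered.

```python
import re

# Fixed release letter per branch, from the advisory's "Unaffected Systems" list.
FIXED_LETTER = {"1.0.1": "s", "1.0.2": "g"}

# Matches the upstream version, e.g. "1.0.2g" or the "1.0.1e" in "1.0.1e-fips".
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def letter_rank(suffix):
    """Order OpenSSL patch letters: "" < a < ... < z < za < zb ..."""
    return (len(suffix), suffix)


def classify(version_text):
    """Return 'fixed', 'affected', 'not-covered' or 'unparsed'."""
    match = VERSION_RE.search(version_text)
    if match is None:
        return "unparsed"
    branch, suffix = match.groups()
    fixed = FIXED_LETTER.get(branch)
    if fixed is None:
        # This page only lists the 1.0.1 and 1.0.2 branches.
        return "not-covered"
    return "fixed" if letter_rank(suffix) >= letter_rank(fixed) else "affected"


if __name__ == "__main__":
    # Constructed sample strings (hypothetical hosts), not real scan output.
    samples = [
        "OpenSSL 1.0.2f  28 Jan 2016",
        "OpenSSL 1.0.2g  1 Mar 2016",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1s  1 Mar 2016",
    ]
    for line in samples:
        print(f"{classify(line):12} {line}")
```

Distribution packages often backport fixes without changing the upstream version letter, so an "affected" result is a prompt to check the vendor's package changelog for CVE-2016-0798.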