Numeric Errors

CVE-2016-2106

High

7.5/10

Summary

Integer overflow in the "EVP_EncryptUpdate" function in "crypto/evp/evp_enc.c" in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a Denial of Service (Heap Memory Corruption) via a large amount of data.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

References

Advisory
Advisory

Advisory Timeline

Published May 05, 2016

Numeric Errors

CVE-2016-2106

Summary

CWE-189 - Numeric Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS