Description

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Remediation

References

CVE-2016-2177

Related Vulnerabilities

Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)

WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-2089)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2509)

WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)

Severity

Critical

Classification

CVE-2016-2177 CWE-190 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities