Integer Overflow or Wraparound Affecting openssl package, versions >=0.0.0
Threat Intelligence
EPSS
15.22% (96th percentile)
- Snyk ID SNYK-COCOAPODS-OPENSSL-470752
- published 2 Oct 2019
- disclosed 1 Jun 2016
- credit Unknown
Introduced: 1 Jun 2016
CVE-2016-2177
How to fix?
There is no fixed version for OpenSSL.
Overview
OpenSSL is an SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Integer Overflow or Wraparound. OpenSSL has a denial-of-service vulnerability caused by an integer overflow. The vulnerability arises because externally supplied data is used for the SIZE (in bytes) of a memory allocation, thereby allowing a malicious user to cause heap/memory corruption.
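The general pattern the overview describes, an externally supplied length feeding an allocation size, shown as an added example beside a hardened form. This is not OpenSSL's code and is not taken from the advisory; `HDR_LEN`, `MAX_BODY` and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN  16u          /* hypothetical fixed header size */
#define MAX_BODY (1u << 20)   /* hypothetical policy cap: 1 MiB */

/* Unchecked: body_len comes from the peer. The 32-bit sum wraps
 * modulo 2^32, so a huge claimed length yields a tiny allocation
 * size, and a later copy of body_len bytes would corrupt the heap. */
uint32_t alloc_size_unchecked(uint32_t body_len)
{
    return body_len + HDR_LEN;
}

/* Checked: bound the untrusted value before doing arithmetic on it.
 * Returns 0 and writes the size on success, -1 on rejection. */
int alloc_size_checked(uint32_t body_len, size_t *out)
{
    if (body_len > MAX_BODY)
        return -1;
    *out = (size_t)body_len + HDR_LEN;  /* at most MAX_BODY + 16, cannot wrap */
    return 0;
}

/* Copies a record body behind a zeroed header. Refuses when the claimed
 * length is over policy or exceeds the bytes actually received.
 * Caller frees the result. */
unsigned char *copy_record(const unsigned char *in, size_t in_len,
                           uint32_t claimed_len)
{
    size_t need;
    unsigned char *buf;

    if (alloc_size_checked(claimed_len, &need) != 0)
        return NULL;
    if (claimed_len > in_len)           /* length field lies about the data */
        return NULL;
    buf = calloc(1, need);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_LEN, in, claimed_len);
    return buf;
}
```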
CVSS Scores
version 3.1