Integer Overflow or Wraparound Affecting openssl package, versions >=0.0.0


Severity

Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    15.22% (96th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-COCOAPODS-OPENSSL-470752
  • published 2 Oct 2019
  • disclosed 1 Jun 2016
  • credit Unknown

How to fix?

There is no fixed version for OpenSSL.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. OpenSSL has denial of service through integer overflow vulnerability. The vulnerability is caused due to the use of externally supplied data for SIZE bytes for memory allocation, thereby allowing malicious user to cause heap/memory corruption.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
9.8 critical
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High