Integer Overflow or Wraparound Affecting openssl package, versions >=0.0.0


Severity

Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
15.22% (97th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-COCOAPODS-OPENSSL-470752
  • published2 Oct 2019
  • disclosed1 Jun 2016
  • creditUnknown

Introduced: 1 Jun 2016

CVE-2016-2177  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

There is no fixed version for OpenSSL.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. OpenSSL has denial of service through integer overflow vulnerability. The vulnerability is caused due to the use of externally supplied data for SIZE bytes for memory allocation, thereby allowing malicious user to cause heap/memory corruption.

CVSS Scores

version 3.1