Integer Overflow or Wraparound Affecting openssl package, versions >=0.0.0


0.0
critical
  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-COCOAPODS-OPENSSL-470752

  • published

    2 Oct 2019

  • disclosed

    1 Jun 2016

  • credit

    Unknown

How to fix?

There is no fixed version for OpenSSL.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. OpenSSL has denial of service through integer overflow vulnerability. The vulnerability is caused due to the use of externally supplied data for SIZE bytes for memory allocation, thereby allowing malicious user to cause heap/memory corruption.