Bug 969517 (CVE-2016-2842) - VUL-0: CVE-2016-2842: openssl: The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0...
Summary: VUL-0: CVE-2016-2842: openssl: The doapr_outch function in crypto/bio/b_print...
Status: RESOLVED FIXED
Alias: CVE-2016-2842
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162543/
Reported: 2016-03-04 08:42 UTC by Alexander Bergmann
Modified: 2016-03-04 10:19 UTC

Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2016-03-04 08:42:49 UTC
CVE-2016-2842 was additionally assigned to the existing commit of CVE-2016-0799.
This bug was opened for reference as the described problem was already fixed.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2842

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s
and 1.0.2 before 1.0.2g does not verify that a certain memory allocation
succeeds, which allows remote attackers to cause a denial of service
(out-of-bounds write or memory consumption) or possibly have unspecified other
impact via a long string, as demonstrated by a large amount of ASN.1 data, a
different vulnerability than CVE-2016-0799.

https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
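
The defect class described above is an output routine that grows its buffer on demand without checking the allocation. The following is an added example of the defensive pattern, not OpenSSL's code and not part of this bug report. `struct outbuf`, `outbuf_putc`, `outbuf_puts`, `GROW_STEP` and the `limit` ceiling are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define GROW_STEP 1024u

/* Hypothetical growable output buffer; names are illustrative, not OpenSSL's. */
struct outbuf {
    char  *data;   /* heap storage, NULL until the first append */
    size_t len;    /* bytes used */
    size_t cap;    /* bytes allocated */
    size_t limit;  /* hard ceiling on cap, bounds memory consumption */
};

/* Append one character: 1 on success, 0 on failure (buffer left unchanged). */
int outbuf_putc(struct outbuf *b, char c)
{
    if (b->len == b->cap) {
        /* Refuse growth that would wrap size_t or pass the ceiling. */
        if (b->cap > SIZE_MAX - GROW_STEP || b->cap + GROW_STEP > b->limit)
            return 0;
        /* Keep the old pointer until realloc is known to have succeeded. */
        char *p = realloc(b->data, b->cap + GROW_STEP);
        if (p == NULL)
            return 0;
        b->data = p;
        b->cap += GROW_STEP;
    }
    b->data[b->len++] = c;
    return 1;
}

/* Append a string, stopping at and reporting the first failure. */
int outbuf_puts(struct outbuf *b, const char *s)
{
    for (; *s != '\0'; s++)
        if (!outbuf_putc(b, *s))
            return 0;
    return 1;
}

/* Constructed input: 8191 bytes against a 4096-byte ceiling is refused. */
int demo_long_input_is_refused(void)
{
    static char big[8 * GROW_STEP];
    memset(big, 'A', sizeof big - 1);   /* last byte stays '\0' */
    struct outbuf b = { NULL, 0, 0, 4 * GROW_STEP };
    int ok = outbuf_puts(&b, big) == 0 && b.len == b.limit && b.cap == b.limit;
    free(b.data);
    return ok;
}
```

The two properties that matter are that the write never happens unless the allocation succeeded, and that the failure is returned to the caller so a long input stops the formatting instead of continuing into an invalid buffer.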
Comment 1 Alexander Bergmann 2016-03-04 08:43:10 UTC
Closing.