Bug 1314757 (CVE-2016-2842) - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
Status: NEW
Alias: CVE-2016-2842
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: impact=low,public=20160303,reported=2...
Keywords: Security
Depends On: 1312856 1312857 1312858 1314764 1314765 1314766 1321841 1321842 1331569 1331865 1331866 1366994
Blocks: 1314768 1395463
Reported: 2016-03-04 12:15 UTC by Adam Mariš
Modified: 2019-05-02 21:51 UTC

Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application.

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0722 normal SHIPPED_LIVE Important: openssl security update 2016-05-09 13:28:24 UTC
Red Hat Product Errata RHSA-2016:0996 normal SHIPPED_LIVE Important: openssl security update 2016-05-10 08:18:56 UTC
Red Hat Product Errata RHSA-2016:2073 normal SHIPPED_LIVE Important: openssl security update 2016-10-18 11:08:06 UTC
Red Hat Product Errata RHSA-2016:2957 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release 2016-12-16 03:11:19 UTC

Description Adam Mariš 2016-03-04 12:15:42 UTC
It was found that the doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. This issue is different from CVE-2016-0799.

Upstream patch:

https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
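
As an added illustration of the defect class in the description above (this is not OpenSSL's code and not the upstream patch): a growable output buffer whose append routine checks the allocation result and reports failure to its caller instead of writing through an unverified pointer. The names outbuf, grow, GROW_STEP and fail_next_alloc are hypothetical, and the capacity wrap-around check is a general hardening step rather than something stated in this report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable output buffer (illustrative names, not OpenSSL's). */
struct outbuf { char *data; size_t len; size_t cap; };
#define GROW_STEP 1024
static int fail_next_alloc = 0;  /* constructed hook: next growth fails */

static void *grow(void *p, size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return realloc(p, n);
}

/* Append one byte: 1 on success, 0 on failure (buffer left unchanged). */
static int outbuf_putc(struct outbuf *b, char c)
{
    if (b->len == b->cap) {
        if (b->cap > SIZE_MAX - GROW_STEP)  /* new capacity would wrap */
            return 0;
        char *tmp = grow(b->data, b->cap + GROW_STEP);
        if (tmp == NULL)                    /* the check the bug class omits */
            return 0;
        b->data = tmp;
        b->cap += GROW_STEP;
    }
    b->data[b->len++] = c;
    return 1;
}

/* Append a string, stopping at the first failure; returns bytes appended. */
static size_t outbuf_puts(struct outbuf *b, const char *s)
{
    size_t n = 0;
    while (s[n] != '\0' && outbuf_putc(b, s[n])) n++;
    return n;
}

int main(void)
{
    struct outbuf b = {0};
    fail_next_alloc = 1;  /* simulate out-of-memory on the first growth */
    size_t failed = outbuf_puts(&b, "constructed input");
    size_t ok = outbuf_puts(&b, "constructed input");
    printf("failed=%zu ok=%zu len=%zu\n", failed, ok, b.len);
    free(b.data);
    return 0;
}
```

Because the old pointer is only replaced after the new one is known to be valid, a failed growth leaves the buffer usable and nothing is leaked or overwritten.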

Comment 1 Adam Mariš 2016-03-04 12:31:23 UTC
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1314766]

Comment 2 Adam Mariš 2016-03-04 12:31:38 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1314764]

Comment 3 Adam Mariš 2016-03-04 12:31:48 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1314765]

Comment 10 petercho 2016-04-11 04:26:26 UTC
Can we do this at a higher priority?
Clients are seriously concerned about this as it is related to openssl.
Thanks.

Comment 12 Tomas Mraz 2016-04-29 15:17:27 UTC
Note that the patch for CVE-2016-0799 also fixes this issue.

Comment 14 Martin Prpič 2016-05-03 14:53:21 UTC
Acknowledgments:

Name: the OpenSSL project
Upstream: Guido Vranken

Comment 15 errata-xmlrpc 2016-05-09 09:28:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0722 https://rhn.redhat.com/errata/RHSA-2016-0722.html

Comment 16 errata-xmlrpc 2016-05-10 04:20:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0996 https://rhn.redhat.com/errata/RHSA-2016-0996.html

Comment 21 errata-xmlrpc 2016-10-18 07:08:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2016:2073 https://rhn.redhat.com/errata/RHSA-2016-2073.html

Comment 22 errata-xmlrpc 2016-12-15 22:16:35 UTC
This issue has been addressed in the following products:



Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html

