1331563 – (CVE-2016-2176) CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Bug 1331563 (CVE-2016-2176) - CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Summary: CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2016-2176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1330106
TreeView+	depends on / blocked

Reported:	2016-04-28 19:41 UTC by Tomas Hoger
Modified:	2021-02-17 03:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:	openssl 1.0.1t, openssl 1.0.2h
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-04-28 19:45:14 UTC
Embargoed:

Attachments	(Terms of Use)
OpenSSL upstream fix (10.98 KB, patch) 2016-04-28 19:43 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Description Tomas Hoger 2016-04-28 19:41:14 UTC

Quoting form the draft of OpenSSL upstream advisory:

EBCDIC overread (CVE-2016-2176)
===============================

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result in
arbitrary stack data being returned in the buffer.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.

Comment 1 Tomas Hoger 2016-04-28 19:41:24 UTC

Acknowledgments:

Name: the OpenSSL project
Upstream: Guido Vranken

Comment 2 Tomas Hoger 2016-04-28 19:43:07 UTC

Created attachment 1152051 [details]
OpenSSL upstream fix

Comment 3 Tomas Hoger 2016-04-28 19:45:14 UTC

OpenSSL packages distributed by Red Hat do not enable EBCDIC support and are therefore unaffected by this issue.

Comment 4 Martin Prpič 2016-05-03 14:19:39 UTC

External References:

https://openssl.org/news/secadv/20160503.txt

Comment 5 Tomas Hoger 2016-05-04 12:55:34 UTC

Upstream commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561

Note You need to log in before you can comment on or make changes to this bug.