Bug 1314757 (CVE-2016-2842) - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds
Summary: CVE-2016-2842 openssl: doapr_outch function does not verify that certain memo...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-2842
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1312856 1312857 1312858 1314764 1314765 1314766 1321841 1321842 1331569 1331865 1331866 1366994
Blocks: 1314768 1395463
TreeView+ depends on / blocked
 
Reported: 2016-03-04 12:15 UTC by Adam Mariš
Modified: 2021-02-17 04:14 UTC (History)
41 users (show)

See Also:
Fixed In Version: openssl 1.0.1s, openssl 1.0.2g
Clone Of:
Environment:
Last Closed: 2019-06-08 02:49:23 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0722 0 normal SHIPPED_LIVE Important: openssl security update 2016-05-09 13:28:24 UTC
Red Hat Product Errata RHSA-2016:0996 0 normal SHIPPED_LIVE Important: openssl security update 2016-05-10 08:18:56 UTC
Red Hat Product Errata RHSA-2016:2073 0 normal SHIPPED_LIVE Important: openssl security update 2016-10-18 11:08:06 UTC
Red Hat Product Errata RHSA-2016:2957 0 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release 2016-12-16 03:11:19 UTC

Description Adam Mariš 2016-03-04 12:15:42 UTC 
It was found that doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data. This issues is different than CVE-2016-0799.

Upstream patch:

https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
Comment 1 Adam Mariš 2016-03-04 12:31:23 UTC 
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1314766]
Comment 2 Adam Mariš 2016-03-04 12:31:38 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1314764]
Comment 3 Adam Mariš 2016-03-04 12:31:48 UTC 
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1314765]
Comment 10 petercho 2016-04-11 04:26:26 UTC 
Can we do this in higher priority?
Clients concern this seriously as it is related to openssl.
Thanks.
Comment 12 Tomas Mraz 2016-04-29 15:17:27 UTC 
Note that the patch for CVE-2016-0799 fixes also this issue.
Comment 14 Martin Prpič 2016-05-03 14:53:21 UTC 
Acknowledgments:

Name: the OpenSSL project
Upstream: Guido Vranken
Comment 15 errata-xmlrpc 2016-05-09 09:28:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0722 https://rhn.redhat.com/errata/RHSA-2016-0722.html
Comment 16 errata-xmlrpc 2016-05-10 04:20:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0996 https://rhn.redhat.com/errata/RHSA-2016-0996.html
Comment 21 errata-xmlrpc 2016-10-18 07:08:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support

Via RHSA-2016:2073 https://rhn.redhat.com/errata/RHSA-2016-2073.html
Comment 22 errata-xmlrpc 2016-12-15 22:16:35 UTC 
This issue has been addressed in the following products:



Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html
Note You need to log in before you can comment on or make changes to this bug.