Heap-buffer boundary check vulnerability in OpenSSL through 1.0.2h

CVE-2016-2177 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
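The kind of boundary check described above, as an added example that is not OpenSSL's own code: a check that adds the length to the cursor is compared with one that measures the remaining bytes. All function names, the 2-byte length-prefixed field format and the addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: add the length to the cursor, then compare with the limit.
 * Modelled on integer addresses so the wraparound is well defined here; on
 * real pointers, forming p + len beyond the buffer is undefined behaviour. */
int fits_by_sum(uintptr_t p, uintptr_t limit, size_t len)
{
    return !(p + (uintptr_t)len > limit);
}

/* Hardened pattern: compare the length with the bytes that remain. */
int fits_by_remaining(uintptr_t p, uintptr_t limit, size_t len)
{
    return p <= limit && len <= (size_t)(limit - p);
}

/* Hypothetical parser for a field with a 2-byte big-endian length prefix.
 * Returns 1 and sets *out / *outlen on success, 0 if the field overruns. */
int read_field(const unsigned char *buf, size_t buflen,
               const unsigned char **out, size_t *outlen)
{
    const unsigned char *p = buf, *limit = buf + buflen;
    size_t len;

    if ((size_t)(limit - p) < 2)
        return 0;
    len = ((size_t)p[0] << 8) | p[1];
    p += 2;
    if ((size_t)(limit - p) < len)   /* never computes p + len */
        return 0;
    *out = p;
    *outlen = len;
    return 1;
}

int main(void)
{
    /* Constructed addresses: an 8-byte region near the top of the address space. */
    uintptr_t p = UINTPTR_MAX - 15, limit = UINTPTR_MAX - 7;

    printf("len=32 by sum: %d, by remaining: %d\n",
           fits_by_sum(p, limit, 32), fits_by_remaining(p, limit, 32));
    return 0;
}
```

When the buffer sits near the top of the address space, the sum wraps and the flawed check accepts a length larger than the space left; the remaining-bytes comparison rejects it.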
