CVE-2016-0705

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Affected Software

Name	Vendor	Start Version	End Version
Mysql	Oracle	5.6.0 (including)	5.6.29 (including)
Mysql	Oracle	5.7.0 (including)	5.7.11 (including)
Red Hat Enterprise Linux 6	RedHat	openssl-0:1.0.1e-42.el6_7.4	*
Red Hat Enterprise Linux 6 Supplementary	RedHat	java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10	*
Red Hat Enterprise Linux 7	RedHat	openssl-1:1.0.1e-51.el7_2.4	*
Red Hat Enterprise Linux 7 Supplementary	RedHat	java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el7	*
Red Hat Satellite 5.8	RedHat	java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10	*
RHEV 3.X Hypervisor and Agents for RHEL-6	RedHat	rhev-hypervisor7-0:7.2-20160302.1.el6ev	*
RHEV 3.X Hypervisor and Agents for RHEL-7	RedHat	rhev-hypervisor7-0:7.2-20160302.1.el7ev	*
Text-Only JBCS	RedHat		*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	esm-infra-legacy/trusty	*
Openssl	Ubuntu	esm-infra/xenial	*
Openssl	Ubuntu	precise	*
Openssl	Ubuntu	trusty	*
Openssl	Ubuntu	trusty/esm	*
Openssl	Ubuntu	upstream	*
Openssl	Ubuntu	vivid/stable-phone-overlay	*
Openssl	Ubuntu	vivid/ubuntu-core	*
Openssl	Ubuntu	wily	*
Openssl	Ubuntu	xenial	*
Openssl098	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-0705
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References