Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_hpc_node | Redhat | 6 (including) | 6 (including) |
Enterprise_linux_server | Redhat | 6.0 (including) | 6.0 (including) |
Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |
Red Hat Enterprise Linux 6 | RedHat | openssl-0:1.0.1e-48.el6_8.1 | * |
Red Hat Enterprise Linux 6.7 Extended Update Support | RedHat | openssl-0:1.0.1e-42.el6_7.5 | * |
Red Hat Enterprise Linux 7 | RedHat | openssl-1:1.0.1e-51.el7_2.5 | * |
Red Hat JBoss Enterprise Application Platform 6.4 | RedHat | openssl | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | httpd-0:2.2.26-54.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | jbcs-httpd24-0:1-3.jbcs.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_jk-0:1.2.41-2.redhat_3.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | tomcat-native-0:1.1.34-5.redhat_1.ep6.el6 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | httpd22-0:2.2.26-56.ep6.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | jbcs-httpd24-0:1-3.jbcs.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_jk-0:1.2.41-2.redhat_3.ep6.el7 | * |
Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | tomcat-native-0:1.1.34-5.redhat_1.ep6.el7 | * |
Red Hat JBoss Web Server 2.1 | RedHat | openssl | * |
Text-Only JBCS | RedHat | * | |
Openssl | Ubuntu | artful | * |
Openssl | Ubuntu | bionic | * |
Openssl | Ubuntu | cosmic | * |
Openssl | Ubuntu | devel | * |
Openssl | Ubuntu | disco | * |
Openssl | Ubuntu | esm-infra-legacy/trusty | * |
Openssl | Ubuntu | esm-infra/bionic | * |
Openssl | Ubuntu | esm-infra/xenial | * |
Openssl | Ubuntu | precise | * |
Openssl | Ubuntu | trusty | * |
Openssl | Ubuntu | trusty/esm | * |
Openssl | Ubuntu | upstream | * |
Openssl | Ubuntu | vivid/stable-phone-overlay | * |
Openssl | Ubuntu | vivid/ubuntu-core | * |
Openssl | Ubuntu | wily | * |
Openssl | Ubuntu | xenial | * |
Openssl | Ubuntu | yakkety | * |
Openssl | Ubuntu | zesty | * |
Openssl098 | Ubuntu | precise | * |
Openssl098 | Ubuntu | trusty | * |