Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | * | 1.0.1s (including) |
| Openssl | Openssl | 1.0.2 (including) | 1.0.2 (including) |
| Openssl | Openssl | 1.0.2-beta1 (including) | 1.0.2-beta1 (including) |
| Openssl | Openssl | 1.0.2-beta2 (including) | 1.0.2-beta2 (including) |
| Openssl | Openssl | 1.0.2-beta3 (including) | 1.0.2-beta3 (including) |
| Openssl | Openssl | 1.0.2a (including) | 1.0.2a (including) |
| Openssl | Openssl | 1.0.2b (including) | 1.0.2b (including) |
| Openssl | Openssl | 1.0.2c (including) | 1.0.2c (including) |
| Openssl | Openssl | 1.0.2d (including) | 1.0.2d (including) |
| Openssl | Openssl | 1.0.2e (including) | 1.0.2e (including) |
| Openssl | Openssl | 1.0.2f (including) | 1.0.2f (including) |
| Openssl | Openssl | 1.0.2g (including) | 1.0.2g (including) |
| Red Hat Enterprise Linux 6 | RedHat | openssl-0:1.0.1e-48.el6_8.1 | * |
| Red Hat Enterprise Linux 6.7 Extended Update Support | RedHat | openssl-0:1.0.1e-42.el6_7.5 | * |
| Red Hat Enterprise Linux 7 | RedHat | openssl-1:1.0.1e-51.el7_2.5 | * |
| Red Hat JBoss Core Services 1 | RedHat | * | |
| Red Hat JBoss Enterprise Application Platform 6.4 | RedHat | openssl | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | httpd-0:2.2.26-54.ep6.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | jbcs-httpd24-0:1-3.jbcs.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | mod_jk-0:1.2.41-2.redhat_3.ep6.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | RedHat | tomcat-native-0:1.1.34-5.redhat_1.ep6.el6 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | httpd22-0:2.2.26-56.ep6.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | jbcs-httpd24-0:1-3.jbcs.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | jbcs-httpd24-openssl-1:1.0.2h-4.jbcs.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-0:1.2.13-1.Final_redhat_1.1.ep6.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_cluster-native-0:1.2.13-3.Final_redhat_2.ep6.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | mod_jk-0:1.2.41-2.redhat_3.ep6.el7 | * |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 7 | RedHat | tomcat-native-0:1.1.34-5.redhat_1.ep6.el7 | * |
| Red Hat JBoss Web Server 2.1 | RedHat | openssl | * |
| Openssl | Ubuntu | artful | * |
| Openssl | Ubuntu | bionic | * |
| Openssl | Ubuntu | cosmic | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | disco | * |
| Openssl | Ubuntu | precise | * |
| Openssl | Ubuntu | trusty | * |
| Openssl | Ubuntu | upstream | * |
| Openssl | Ubuntu | vivid/stable-phone-overlay | * |
| Openssl | Ubuntu | vivid/ubuntu-core | * |
| Openssl | Ubuntu | wily | * |
| Openssl | Ubuntu | xenial | * |
| Openssl | Ubuntu | yakkety | * |
| Openssl | Ubuntu | zesty | * |
| Openssl098 | Ubuntu | precise | * |
| Openssl098 | Ubuntu | trusty | * |