Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | * | 1.0.1s (including) |
Openssl | Openssl | 1.0.2 (including) | 1.0.2 (including) |
Openssl | Openssl | 1.0.2-beta1 (including) | 1.0.2-beta1 (including) |
Openssl | Openssl | 1.0.2-beta2 (including) | 1.0.2-beta2 (including) |
Openssl | Openssl | 1.0.2-beta3 (including) | 1.0.2-beta3 (including) |
Openssl | Openssl | 1.0.2a (including) | 1.0.2a (including) |
Openssl | Openssl | 1.0.2b (including) | 1.0.2b (including) |
Openssl | Openssl | 1.0.2c (including) | 1.0.2c (including) |
Openssl | Openssl | 1.0.2d (including) | 1.0.2d (including) |
Openssl | Openssl | 1.0.2e (including) | 1.0.2e (including) |
Openssl | Openssl | 1.0.2f (including) | 1.0.2f (including) |
Openssl | Openssl | 1.0.2g (including) | 1.0.2g (including) |