The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | * | 1.0.1s (including) |
Openssl | Openssl | 1.0.2 (including) | 1.0.2 (including) |
Openssl | Openssl | 1.0.2-beta1 (including) | 1.0.2-beta1 (including) |
Openssl | Openssl | 1.0.2-beta2 (including) | 1.0.2-beta2 (including) |
Openssl | Openssl | 1.0.2-beta3 (including) | 1.0.2-beta3 (including) |
Openssl | Openssl | 1.0.2a (including) | 1.0.2a (including) |
Openssl | Openssl | 1.0.2b (including) | 1.0.2b (including) |
Openssl | Openssl | 1.0.2c (including) | 1.0.2c (including) |
Openssl | Openssl | 1.0.2d (including) | 1.0.2d (including) |
Openssl | Openssl | 1.0.2e (including) | 1.0.2e (including) |
Openssl | Openssl | 1.0.2f (including) | 1.0.2f (including) |
Openssl | Openssl | 1.0.2g (including) | 1.0.2g (including) |