Launchpad.net

CVE 2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Related bugs and status

CVE-2016-2177 (Candidate) is related to these bugs:

Bug #1593953: EC_KEY_generate_key() causes FIPS self-test failure

Summary				In	Importance	Status
	1593953	EC_KEY_generate_key() causes FIPS self-test failure		openssl (Ubuntu)	Undecided	Fix Released
	1593953	EC_KEY_generate_key() causes FIPS self-test failure		openssl (Ubuntu Xenial)	Undecided	Fix Released

Bug #1594748: CRYPTO_set_mem_functions() is broken

		In	Importance	Status
1594748	CRYPTO_set_mem_functions() is broken	openssl (Ubuntu)	Undecided	Fix Released
1594748	CRYPTO_set_mem_functions() is broken	OpenSSL	Unknown	Invalid
1594748	CRYPTO_set_mem_functions() is broken	openssl (Ubuntu Xenial)	Undecided	Fix Released

Bug #1614210: Remove incomplete fips in openssl in xenial.

		In	Importance	Status
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu)	Undecided	Fix Released
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu Xenial)	Undecided	Fix Released
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu Yakkety)	Undecided	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2177

Related bugs and status

Related bugs

References