CRITICAL · 9.8

CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or ...

Vulnerability Description

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor   | Product                   | Versions
---------|---------------------------|---------
Hp       | Icewall Mcrp              | 3.0
Hp       | Icewall Sso               | 10.0
Hp       | Icewall Sso Agent Option  | 10.0
Openssl  | Openssl                   | 1.0.1
Oracle   | Linux                     | 5
Oracle   | Solaris                   | 10

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-2177?

CVE-2016-2177 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

How severe is CVE-2016-2177?

CVE-2016-2177 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-2177?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Icewall Mcrp, Hp Icewall Sso, Hp Icewall Sso Agent Option, Openssl Openssl, Oracle Linux, and Oracle Solaris.