OOB write in BN_bn2dec() (CVE-2016-2182)
Low
Vulnerability Details
The function BN_bn2dec() does not check the return value of BN_div_word().
This can cause an OOB write if an application uses this function with an
overly large BIGNUM. This could be a problem if an overly large certificate
or CRL is printed out from an untrusted source. TLS is not affected because
record limits will reject an oversized certificate before it is parsed.
Reference:
https://www.openssl.org/news/secadv/20160922.txt
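The missing checks described above, modelled as an added C example that is not OpenSSL's code or part of the original report: a toy limb-array bignum is converted to base-10^9 chunks, and the loop checks both the division's return value and the output bound before each store. The names `div_word`, `to_dec_chunks`, `inject_fail` and the `(uint32_t)-1` error sentinel are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define DEC_CONV 1000000000u     /* 10^9: one 9-digit chunk per division */
#define DIV_ERR  ((uint32_t)-1)  /* assumed error sentinel, never a valid remainder */

static int inject_fail = 0;      /* hypothetical switch: simulate a failed division */

/* Divide the little-endian limb array in place by w.
 * Returns the remainder, or DIV_ERR on failure (limbs left unchanged). */
static uint32_t div_word(uint32_t *limbs, size_t n, uint32_t w)
{
    uint64_t rem = 0;
    if (w == 0 || inject_fail)
        return DIV_ERR;
    for (size_t i = n; i-- > 0; ) {
        uint64_t cur = (rem << 32) | limbs[i];
        limbs[i] = (uint32_t)(cur / w);
        rem = cur % w;
    }
    return (uint32_t)rem;
}

static int is_zero(const uint32_t *limbs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (limbs[i] != 0)
            return 0;
    return 1;
}

/* Hardened conversion loop: returns the number of chunks written, -1 on error.
 * The unchecked pattern is `*lp++ = div_word(...)` with neither test below.
 * In this model a failed division leaves the value non-zero, so the loop
 * keeps running and lp walks past the end of out[]. */
static int to_dec_chunks(uint32_t *limbs, size_t n, uint32_t *out, size_t cap)
{
    uint32_t *lp = out;
    while (!is_zero(limbs, n)) {
        if ((size_t)(lp - out) >= cap)  /* bound check before every store */
            return -1;
        uint32_t r = div_word(limbs, n, DEC_CONV);
        if (r == DIV_ERR)               /* return value check */
            return -1;
        *lp++ = r;
    }
    return (int)(lp - out);
}
```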
Report Stats
- Report ID: 221788
- State: Closed
- Substate: resolved
- Upvotes: 5