OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Low
Vulnerability Details
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
the total length the OID text representation would use and not the amount
of data written. This will result in OOB reads when large OIDs are presented.
refer:
https://www.openssl.org/news/secadv/20160922.txt
Actions
View on HackerOneReport Stats
- Report ID: 221789
- State: Closed
- Substate: resolved
- Upvotes: 5