Description
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer
boundary checks, which might allow remote attackers to cause a denial of
service (integer overflow and application crash) or possibly have
unspecified other impact by leveraging unexpected malloc behavior, related
to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Notes
mdeslaur | USN-3087-1 fixed this CVE in Ubuntu 16.04 LTS. Other Ubuntu
releases will be fixed in a future USN. |
Package
Upstream: | needs-triage
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was needs-triage)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was needs-triage)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Ubuntu 19.04 (Disco Dingo): | DNE
|
Ubuntu 19.10 (Eoan Ermine): | DNE
|
Updated: 2019-12-05 21:08:14 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)