CVE-2016-2177

CRITICAL9.8EPSS 24.0%

openssl - security update

Published: 6/20/2016Modified: 4/28/2026

Description

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Affected packages (4)

Alpine/opensslfrom 0, < 1.0.2h-r1
Debian/opensslfrom 0, < 1.0.2i-1
Debian/opensslfrom 0, < 1.0.1t-1+deb7u1
Debian/opensslfrom 0, < 1.0.1t-1+deb8u4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-2177
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-2177