CVE-2016-2105

HIGH

Redhat Enterprise Linux Desktop < 5.6.30 - Integer Overflow

Title source: rule

Description

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

References (61)

... and 41 more

Scores

CVSS v3 7.5
EPSS 0.4512
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-190
Status draft

Affected Products (50)

redhat/enterprise_linux_desktop
redhat/enterprise_linux_hpc_node
redhat/enterprise_linux_server
redhat/enterprise_linux_workstation
opensuse/leap
opensuse/opensuse
oracle/mysql < 5.6.30
redhat/enterprise_linux_desktop
redhat/enterprise_linux_hpc_node
redhat/enterprise_linux_hpc_node_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
redhat/enterprise_linux_server_eus
redhat/enterprise_linux_workstation
apple/mac_os_x
... and 35 more

Timeline

Published May 05, 2016
Tracked Since Feb 18, 2026