The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
2016-03-03T20:59:03.797
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1 | Yes |
| Application | openssl | openssl | 1.0.1a | Yes |
| Application | openssl | openssl | 1.0.1b | Yes |
| Application | openssl | openssl | 1.0.1c | Yes |
| Application | openssl | openssl | 1.0.1d | Yes |
| Application | openssl | openssl | 1.0.1e | Yes |
| Application | openssl | openssl | 1.0.1f | Yes |
| Application | openssl | openssl | 1.0.1g | Yes |
| Application | openssl | openssl | 1.0.1h | Yes |
| Application | openssl | openssl | 1.0.1i | Yes |
| Application | openssl | openssl | 1.0.1j | Yes |
| Application | openssl | openssl | 1.0.1k | Yes |
| Application | openssl | openssl | 1.0.1l | Yes |
| Application | openssl | openssl | 1.0.1m | Yes |
| Application | openssl | openssl | 1.0.1n | Yes |
| Application | openssl | openssl | 1.0.1o | Yes |
| Application | openssl | openssl | 1.0.1p | Yes |
| Application | openssl | openssl | 1.0.1q | Yes |
| Application | openssl | openssl | 1.0.1r | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2a | Yes |
| Application | openssl | openssl | 1.0.2b | Yes |
| Application | openssl | openssl | 1.0.2c | Yes |
| Application | openssl | openssl | 1.0.2d | Yes |
| Application | openssl | openssl | 1.0.2e | Yes |
| Application | openssl | openssl | 1.0.2f | Yes |
| Application | pulsesecure | client | - | Yes |
| Application | pulsesecure | client | - | Yes |
| Application | pulsesecure | steel_belted_radius | - | Yes |