The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
2016-05-05T01:59:05.357
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:C
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | ≤ 1.0.1s | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2 | Yes |
| Application | openssl | openssl | 1.0.2a | Yes |
| Application | openssl | openssl | 1.0.2b | Yes |
| Application | openssl | openssl | 1.0.2c | Yes |
| Application | openssl | openssl | 1.0.2d | Yes |
| Application | openssl | openssl | 1.0.2e | Yes |
| Application | openssl | openssl | 1.0.2f | Yes |
| Application | openssl | openssl | 1.0.2g | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_hpc_node | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_hpc_node_eus | 7.2 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.2 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.2 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_hpc_node | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |