A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | mysql56 | 2016-05-18 14:00 | ALAS-2016-701 |
Amazon Linux 1 | openssl | 2016-03-10 16:30 | ALAS-2016-661 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |