Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | openssl | 2016-03-10 16:30 | ALAS-2016-661 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.8 | AV:N/AC:M/Au:N/C:N/I:P/A:P |
NVD | CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |