OpenSSL CVE-2016-2109 Denial of Service Vulnerability

Description

Severity: Low

When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory, potentially consuming excessive resources or exhausting memory.

Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are *not* affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team.
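A defensive pre-check for the issue described above, as an added example that is not OpenSSL's code or its fix: read the untrusted input into a size-capped buffer, then confirm the outer ASN.1 length fits in the bytes actually received before parsing with a memory based function such as d2i_X509(). The function name, result codes and sample bytes are this example's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes (names are this example's own, not OpenSSL's). */
enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_UNSUPPORTED = -2, HDR_LEN_MISMATCH = -3 };

/* Constructed samples: a 5-byte SEQUENCE, and a header declaring 0x7fffffff bytes. */
static const unsigned char sample_ok[]  = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char sample_bad[] = { 0x30, 0x84, 0x7f, 0xff, 0xff, 0xff, 0x00 };

/* Parse the outermost identifier and length octets in buf[0..avail) and
 * check that the declared content length fits in the bytes received.
 * On success *total is header length plus content length. */
int asn1_outer_len_check(const unsigned char *buf, size_t avail, size_t *total)
{
    size_t pos = 0, len = 0;
    unsigned char first;

    if (avail < 2)
        return HDR_TRUNCATED;
    if ((buf[pos++] & 0x1f) == 0x1f)      /* high-tag-number form: not handled here */
        return HDR_UNSUPPORTED;
    first = buf[pos++];
    if (first < 0x80) {
        len = first;                       /* short form: length in one octet */
    } else {
        size_t n = first & 0x7f;           /* long form: n length octets follow */
        if (n == 0)                        /* indefinite length (BER): not handled here */
            return HDR_UNSUPPORTED;
        if (n > sizeof(size_t))            /* would not fit in size_t */
            return HDR_LEN_MISMATCH;
        if (avail - pos < n)
            return HDR_TRUNCATED;
        while (n--)
            len = (len << 8) | buf[pos++];
    }
    if (len > avail - pos)                 /* declares more than was received */
        return HDR_LEN_MISMATCH;
    *total = pos + len;
    return HDR_OK;
}

int main(void)
{
    size_t total = 0;
    printf("well-formed:      %d\n", asn1_outer_len_check(sample_ok, sizeof sample_ok, &total));
    printf("oversized length: %d\n", asn1_outer_len_check(sample_bad, sizeof sample_bad, &total));
    return 0;
}
```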

Affected Applications

OpenSSL

CVE References

CVE-2016-2109