OpenSSL CVE-2016-2176 Buffer Overflow Vulnerability

Description

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy, support for version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.

Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20160503.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
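The defect class the advisory describes is a bounded copy into a fixed-size stack buffer followed by a loop that still walks the original, unclamped length. The model below is an added example written for this page; it is not OpenSSL's X509_NAME_oneline() code. It assumes a 1024-byte conversion buffer (matching the advisory's threshold) and uses an uppercasing stand-in for the ASCII-to-EBCDIC conversion, with a hypothetical `oneline_model_fixed()` showing the clamp that stops the overread.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the fixed-size stack buffer is 1024 bytes, which is the
 * threshold the advisory names. This is a model, not OpenSSL's own code. */
#define CONV_BUF_SIZE 1024

/* Hypothetical stand-in for a character-set conversion step. It copies at
 * most n bytes and uppercases them so the converted bytes are recognisable. */
static void convert_bounded(unsigned char *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)toupper(src[i]);
}

/* Model of the defective pattern. The copy into conv_buf is bounded, but
 * `num` keeps the caller's length, so for len > CONV_BUF_SIZE the emit loop
 * reads conv_buf[1024 .. num-1], i.e. whatever stack memory follows the
 * buffer. Shown for contrast only; main() and the tests never call it. */
size_t oneline_model_unfixed(const unsigned char *value, size_t len,
                             char *out, size_t out_cap)
{
    unsigned char conv_buf[CONV_BUF_SIZE];
    size_t num = len;

    convert_bounded(conv_buf, value, num > sizeof conv_buf ? sizeof conv_buf : num);

    size_t n = 0;
    for (size_t i = 0; i < num && n < out_cap; i++) /* BUG: bound is `num` */
        out[n++] = (char)conv_buf[i];
    return n;
}

/* Hardened form: clamp `num` to the buffer size before converting and use
 * the clamped value for every later access. Oversized input is truncated
 * instead of leaking bytes that were never part of the string. */
size_t oneline_model_fixed(const unsigned char *value, size_t len,
                           char *out, size_t out_cap)
{
    unsigned char conv_buf[CONV_BUF_SIZE];
    size_t num = len;

    if (num > sizeof conv_buf)          /* the one-line clamp */
        num = sizeof conv_buf;

    convert_bounded(conv_buf, value, num);

    size_t n = 0;
    for (size_t i = 0; i < num && n < out_cap; i++)
        out[n++] = (char)conv_buf[i];
    return n;
}

/* Driver for main() and the tests: feeds `input_len` bytes of 'a' (a
 * constructed sample, not certificate data) through the fixed model and
 * returns how many bytes came out. Returns (size_t)-1 if any output byte is
 * not the converted form of the input, which would indicate a leak. */
size_t fixed_output_length(size_t input_len)
{
    unsigned char *in = malloc(input_len ? input_len : 1);
    char *out = malloc(input_len ? input_len : 1);
    if (in == NULL || out == NULL) {
        free(in);
        free(out);
        return (size_t)-1;
    }
    memset(in, 'a', input_len);

    size_t n = oneline_model_fixed(in, input_len, out, input_len);

    int clean = 1;
    for (size_t i = 0; i < n; i++)
        if (out[i] != 'A')
            clean = 0;

    free(in);
    free(out);
    return clean ? n : (size_t)-1;
}

int main(void)
{
    /* A 2000-byte value, above the advisory's 1024-byte threshold. */
    printf("fixed model, 2000-byte input -> %zu bytes emitted\n",
           fixed_output_length(2000));
    printf("fixed model,   10-byte input -> %zu bytes emitted\n",
           fixed_output_length(10));
    return 0;
}
```

The point to take from the model is that clamping the length at the copy alone is not enough: every later use of `num` must see the clamped value, otherwise the bounded copy only moves the overread from the copy to the loop that consumes it.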

Affected Applications

OpenSSL

CVE References

CVE-2016-2176