OpenSSL CVE-2016-2180 Out of Bounds Read Vulnerability

Description

Severity: Low

The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.

OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
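The return-value mismatch described above, as an added C example that is not OpenSSL's code or its patch: `oid_to_text()` is a hypothetical stand-in that mimics the OBJ_obj2txt() contract (truncate into the buffer, return the full length needed), and `bytes_available()` shows the clamp a caller needs before using that value as a write length. The 128-byte buffer and the sample OIDs are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for OBJ_obj2txt() (not OpenSSL code): writes at most buf_len-1
 * characters plus a NUL, returns the length the full dotted text needs. */
int oid_to_text(char *buf, size_t buf_len, const unsigned long *arcs, size_t n)
{
    size_t total = 0;
    if (buf_len > 0) buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char piece[32];
        int plen = snprintf(piece, sizeof(piece), i ? ".%lu" : "%lu", arcs[i]);
        for (int j = 0; j < plen; j++, total++)
            if (total + 1 < buf_len) {
                buf[total] = piece[j];
                buf[total + 1] = '\0';
            }
    }
    return (int)total;
}

/* Hardened length: what is actually in the buffer, never the raw return value. */
size_t bytes_available(int ret, size_t buf_len)
{
    if (ret <= 0 || buf_len == 0)
        return 0;
    return (size_t)ret < buf_len ? (size_t)ret : buf_len - 1;
}

/* Prints the OID; returns how many bytes beyond the 128-byte buffer a write
 * of `ret` bytes would have covered (0 when the text fits). */
size_t print_oid(FILE *out, const unsigned long *arcs, size_t n)
{
    char obj_txt[128];
    int ret = oid_to_text(obj_txt, sizeof(obj_txt), arcs, n);
    fwrite(obj_txt, 1, bytes_available(ret, sizeof(obj_txt)), out);
    fputc('\n', out);
    return ret > (int)sizeof(obj_txt) ? (size_t)ret - sizeof(obj_txt) : 0;
}

int main(void)
{
    unsigned long small[] = {1, 2, 840, 113549}, big[80]; /* constructed inputs */
    for (size_t i = 0; i < 80; i++)
        big[i] = 4294967295UL;
    printf("excess: %zu\n", print_oid(stdout, small, 4));
    printf("excess: %zu\n", print_oid(stdout, big, 80));
    return 0;
}
```

A non-zero "excess" is the number of bytes past the stack buffer that would be read if the return value were passed to the writer unclamped; code review for this bug class should flag any write whose length comes straight from a "space required" return value.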

Affected Applications

OpenSSL

CVE References

CVE-2016-2180