OpenSSL '/evp/encode.c' Remote Memory Corruption Vulnerability

OpenSSL is prone to a remote memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions.

The following are vulnerable:

OpenSSL 1.0.1 prior to 1.0.1h.
OpenSSL 1.0.0 prior to 1.0.0m.
OpenSSL 0.9.8 prior to 0.9.8za.


Privacy Statement
Copyright 2010, SecurityFocus