Integer overflow in ssl3_get_client_hello() in Oracle products - CVE-2016-2177

Vulnerability identifier: #VU24

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-2177

CWE-ID: CWE-494

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenSSL Software Foundation
Oracle

Affected software:
OpenSSL
Oracle Solaris
Oracle Linux
Oracle VM VirtualBox
Oracle VM Server for x86

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

The vendor has issued a source code fix, available at:

https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7

• https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html