CWE: 119, 1103

CVE-2016-0799: Buffer Overflow

First published: Fri Feb 26 2016

As per Upstream advisory:

The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur.

These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 23rd by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

Credit: secalert@redhat.com
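
An added example, not code from OpenSSL or from this advisory: a C illustration of the two defensive checks the description points to, namely keeping string lengths in size_t and bounding them against INT_MAX, and failing closed when buffer growth fails instead of writing through a NULL base pointer. The names outbuf, fits_in_int, failing_grow, outbuf_putc and outbuf_puts are hypothetical.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer; names are illustrative, not OpenSSL's. */
struct outbuf {
    char *data;
    size_t len, cap;                /* sizes stay in size_t, never int */
    void *(*grow)(void *, size_t);  /* realloc-compatible hook, so failure is testable */
};

/* 1 if a size_t length is representable as int, 0 if an int would truncate it. */
int fits_in_int(size_t n) { return n <= (size_t)INT_MAX; }

/* Constructed allocator that always fails, to exercise the error path. */
void *failing_grow(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Append one byte: 1 on success, 0 on failure. On failure the buffer is freed
 * and reset, so no write goes through a NULL base and nothing leaks. */
int outbuf_putc(struct outbuf *b, int c)
{
    if (b->len == b->cap) {
        size_t ncap = b->cap ? b->cap * 2 : 16;
        /* Bound the new size and catch wraparound before asking for memory. */
        void *p = (fits_in_int(ncap) && ncap > b->cap) ? b->grow(b->data, ncap) : NULL;
        if (p == NULL) {
            free(b->data);
            b->data = NULL;
            b->len = b->cap = 0;
            return 0;
        }
        b->data = p;
        b->cap = ncap;
    }
    b->data[b->len++] = (char)c;
    return 1;
}

/* "%s"-style copy: reject a length that an int-based consumer cannot represent. */
int outbuf_puts(struct outbuf *b, const char *s)
{
    size_t i, n = strlen(s);
    if (!fits_in_int(n))
        return 0;
    for (i = 0; i < n; i++)
        if (!outbuf_putc(b, s[i]))
            return 0;
    return 1;
}
```

Callers must check the return value of every append; after a failure the buffer is empty and can be reused or discarded.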

| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <0:1.0.1e-48.el6_8.1 | 0:1.0.1e-48.el6_8.1 |
| redhat/openssl | <0:1.0.1e-42.el6_7.5 | 0:1.0.1e-42.el6_7.5 |
| redhat/openssl | <1:1.0.1e-51.el7_2.5 | 1:1.0.1e-51.el7_2.5 |
| redhat/openssl | <1.0.1 | 1.0.1 |
| redhat/openssl | <1.0.2 | 1.0.2 |
| Advantech Spectre Rt Ert351 Firmware | | |
| OpenSSL | =1.0.1 | |
| OpenSSL | =1.0.1-beta1 | |
| OpenSSL | =1.0.1-beta2 | |
| OpenSSL | =1.0.1-beta3 | |
| OpenSSL | =1.0.1a | |
| OpenSSL | =1.0.1b | |
| OpenSSL | =1.0.1c | |
| OpenSSL | =1.0.1d | |
| OpenSSL | =1.0.1e | |
| OpenSSL | =1.0.1f | |
| OpenSSL | =1.0.1g | |
| OpenSSL | =1.0.1h | |
| OpenSSL | =1.0.1i | |
| OpenSSL | =1.0.1j | |
| OpenSSL | =1.0.1k | |
| OpenSSL | =1.0.1l | |
| OpenSSL | =1.0.1m | |
| OpenSSL | =1.0.1n | |
| OpenSSL | =1.0.1o | |
| OpenSSL | =1.0.1p | |
| OpenSSL | =1.0.1q | |
| OpenSSL | =1.0.1r | |
| OpenSSL | =1.0.2 | |
| OpenSSL | =1.0.2-beta1 | |
| OpenSSL | =1.0.2-beta2 | |
| OpenSSL | =1.0.2-beta3 | |
| OpenSSL | =1.0.2a | |
| OpenSSL | =1.0.2b | |
| OpenSSL | =1.0.2c | |
| OpenSSL | =1.0.2d | |
| OpenSSL | =1.0.2e | |
| OpenSSL | =1.0.2f | |
| Pulse Secure Client for Android | | |
| Pulse Secure Client for iOS | | |
| Juniper Steel-Belted Radius Carrier | | |

Frequently Asked Questions

  • What is the severity of CVE-2016-0799?

    The severity of CVE-2016-0799 is rated as important due to potential out-of-bounds read vulnerabilities.

  • How do I fix CVE-2016-0799?

    To fix CVE-2016-0799, upgrade OpenSSL to version 1.0.1e-51.el7_2.5 or higher for Red Hat distributions, or apply the appropriate patches.

  • What versions of OpenSSL are affected by CVE-2016-0799?

    CVE-2016-0799 affects multiple versions of OpenSSL including 1.0.1 and earlier versions of 1.0.2.

  • What types of attacks can exploit CVE-2016-0799?

    CVE-2016-0799 can be exploited through crafted format strings leading to potential leakage of sensitive information or application crashes.

  • Is CVE-2016-0799 specific to any particular software vendors?

    Yes, CVE-2016-0799 specifically impacts software using OpenSSL, particularly those from Red Hat and Advantech.
