Description
* Several flaws were found in the way BIO_*printf functions were implemented in
OpenSSL. Applications which passed large amounts of untrusted data through these
functions could crash or potentially execute code with the permissions of the
user running such an application. (CVE-2016-0799, CVE-2016-2842)
* A denial of service flaw was found in the way OpenSSL parsed certain
ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application
using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate
an excessive amount of data. (CVE-2016-2109)
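
An application-side guard in the spirit of the CVE-2016-2109 item, added here as an example and not taken from OpenSSL or its fix: read only the DER header and refuse input whose declared length exceeds what the application is willing to buffer, before anything is allocated or handed to a parser. The names `der_header`, `der_object_acceptable` and `MAX_DER_OBJECT`, the 64 KiB cap and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical application cap on one DER object; not an OpenSSL constant. */
#define MAX_DER_OBJECT ((size_t)64 * 1024)

/* Constructed sample headers, not captured data. */
static const unsigned char sample_small[] = {0x30, 0x82, 0x01, 0x00};
static const unsigned char sample_huge[]  = {0x30, 0x84, 0x7f, 0xff, 0xff, 0xff};
static const unsigned char sample_indef[] = {0x30, 0x80};

/* Parse tag and length octets of a DER header in buf[0..n). Returns 0 and fills the
 * outputs, or -1 for a truncated header, multi-byte tag, or invalid/oversized length. */
int der_header(const unsigned char *buf, size_t n, size_t *hdr_len, uint32_t *content_len)
{
    if (n < 2 || (buf[0] & 0x1f) == 0x1f)
        return -1;
    if (buf[1] < 0x80) {                  /* short form: one length octet */
        *hdr_len = 2;
        *content_len = buf[1];
        return 0;
    }
    size_t k = buf[1] & 0x7f;             /* long form: k length octets follow */
    if (k == 0 || k > 4 || n < 2 + k || buf[2] == 0)
        return -1;                        /* indefinite, too wide, truncated, leading zero */
    uint32_t len = 0;
    for (size_t i = 0; i < k; i++)
        len = (len << 8) | buf[2 + i];
    if (len < 0x80)
        return -1;                        /* should have used the short form */
    *hdr_len = 2 + k;
    *content_len = len;
    return 0;
}

/* Returns 1 only if the header is well-formed and header + content fit under the cap. */
int der_object_acceptable(const unsigned char *buf, size_t n)
{
    size_t hdr; uint32_t len;
    if (der_header(buf, n, &hdr, &len) != 0)
        return 0;
    return len <= MAX_DER_OBJECT - hdr;
}

int main(void)
{
    printf("small=%d huge=%d\n", der_object_acceptable(sample_small, sizeof sample_small),
           der_object_acceptable(sample_huge, sizeof sample_huge));
    return 0;
}
```

The six-byte `sample_huge` header declares roughly 2 GiB of content, which is the kind of input the guard turns away before any buffer is sized from it.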