{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSL Vulnerabilities"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2016-0020","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-05T05:31:13.458Z","generator":{"date":"2026-04-05T05:31:13.458Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2016-0020","initial_release_date":"2016-08-15T18:30:00.000Z","revision_history":[{"number":"1","date":"2026-04-04T22:31:13.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.0.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-460"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.0.14","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-444"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=6.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-452"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=6.1.13","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-453"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.0.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-455"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.0.9","product":{"name":"Palo Alto Networks 
PAN-OS","product_id":"PANW-PAN-OS-741"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.1.3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-456"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.1.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-457"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2014-8176","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."}],"references":[{"category":"external","summary":"NVD - CVE-2014-8176","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8176"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application 
data."}]},{"cve":"CVE-2015-1788","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1788","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1788"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."}]},{"cve":"CVE-2015-1789","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service 
(out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1789","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1789"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."}]},{"cve":"CVE-2015-1790","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1790","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1790"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 
before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data."}]},{"cve":"CVE-2015-1791","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1791","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1791"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."}]},{"cve":"CVE-2015-1792","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 
0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1792","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1792"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function."}]},{"cve":"CVE-2015-1794","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message."}],"references":[{"category":"external","summary":"NVD - CVE-2015-1794","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1794"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange 
message."}]},{"cve":"CVE-2015-3195","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application."}],"references":[{"category":"external","summary":"NVD - CVE-2015-3195","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3195"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application."}]},{"cve":"CVE-2015-4000","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" 
issue."}],"references":[{"category":"external","summary":"NVD - CVE-2015-4000","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4000"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue."}]},{"cve":"CVE-2016-2105","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2105","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2105"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary 
data."}]},{"cve":"CVE-2016-2106","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2106","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2106"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."}]},{"cve":"CVE-2016-2107","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2107","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2107"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."}]},{"cve":"CVE-2016-2108","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2108","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2108"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" 
issue."}]},{"cve":"CVE-2016-2109","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2109","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2109"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."}]},{"cve":"CVE-2016-2176","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2176","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2176"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL 
before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."}]},{"cve":"CVE-2016-2842","product_status":{"fixed":["PANW-PAN-OS-444","PANW-PAN-OS-453","PANW-PAN-OS-741","PANW-PAN-OS-457"],"known_affected":["PANW-PAN-OS-460","PANW-PAN-OS-452","PANW-PAN-OS-455","PANW-PAN-OS-456"]},"notes":[{"category":"description","text":"The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2842","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2842"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0020","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0020"}],"threats":[{"category":"impact","description":"The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799."}]}]}