Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libcrypto1.0.0-udeb", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "libssl-dev", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "libssl-doc", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "libssl1.0.0", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "libssl1.0.0-dbg", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "libssl1.0.0-udeb", "binary_version": "1.0.1f-1ubuntu2.11" }, { "binary_name": "openssl", "binary_version": "1.0.1f-1ubuntu2.11" } ], "ubuntu_priority": "medium" }