The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL...
Critical severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Sep 16, 2016
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Jan 29, 2023
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References