資安通報
CVE-2016-0705
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Release Date: 2016/03/04
Vulnerability Scoring Details :
The vulnerability scores and vectors are listed below.
| Severity | CVSS Score | Vector |
|---|---|---|
| CRITICAL | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
