Public Date:
1312219: CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application.

Find out more about CVE-2016-0799 from the MITRE CVE dictionary dictionary and NIST NVD.


The original issue fixed by OpenSSL upstream contains two distinct fixes. The first one is a format string flaw in the internal fmtstr functions, which may result in a OOB read flaw when printing very large string. This issue was assigned CVE-2016-0799

The second issue relates to the internal doapr_outch function of OpenSSL. It can result in an OOB write, or cause memory leaks. This issue has been assigned CVE-2016-2842 by MITRE as is now tracked as

CVSS v2 metrics

Base Score 2.6
Base Metrics AV:N/AC:H/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Core Services 1 RHSA-2016:2957 2016-12-15
Red Hat Enterprise Linux 7 (openssl) RHSA-2016:0722 2016-05-09
Red Hat Enterprise Linux Extended Update Support 6.7 (openssl) RHSA-2016:2073 2016-10-18
Red Hat Enterprise Linux 6 (openssl) RHSA-2016:0996 2016-05-10

Affected Packages State

Platform Package State
Red Hat JBoss Web Server 3.0 openssl Fix deferred
Red Hat JBoss EWS 2 openssl Will not fix
Red Hat JBoss EWS 1 openssl Will not fix
Red Hat Enterprise Linux 7 openssl098e Will not fix
Red Hat Enterprise Linux 6 openssl098e Will not fix
Red Hat Enterprise Linux 5 openssl Will not fix
Red Hat Enterprise Linux 5 openssl097a Will not fix
RHEV Manager 3 rhev-hypervisor Will not fix


Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.
Last Modified