Description
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
Remediation
References