I am using openssl-1.0.0e in my product. Here i want to know that OpenSSL is
CVE-2016-2180 vulnerable or not.

https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a?diff=unified
In this page showing some information about CVE-2016-2180 vulnerability.

Actually i read some information from the internet that, to reproduce this
vulnerability need to "*create specially crafted time stamp file and used
with the "openssl ts"*" command. How to create "specially crafted time stamp
file". 

In the CVE-2016-2180 vulnerability talk about TS_OBJ_print_bio function
creating the crash. This function is present in the openssl i have.

Is there any patch available for this vulnerability.




--
View this message in context: 
http://openssl.6102.n7.nabble.com/CVE-2016-2180-tp68032.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to