VulnerableCode Package Details - pkg:alpm/archlinux/lib32-openssl@1:1.1.0a-1

Search for packages

Package details: pkg:alpm/archlinux/lib32-openssl@1:1.1.0a-1

Essentials
History (3)

purl	pkg:alpm/archlinux/lib32-openssl@1:1.1.0a-1

Next non-vulnerable version	1:1.1.0.c-1
Latest non-vulnerable version	1:3.1.4-1
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-mcbc-6asm-aaab Aliases: CVE-2016-6309 VC-OPENSSL-20160926-CVE-2016-6309	This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:06.644916+00:00	Arch Linux Importer	Affected by	VCID-mcbc-6asm-aaab	https://security.archlinux.org/AVG-32	36.0.0
2024-09-18T02:00:03.885538+00:00	Arch Linux Importer	Affected by	VCID-mcbc-6asm-aaab	https://security.archlinux.org/AVG-32	34.0.1
2024-01-03T22:26:18.819054+00:00	Arch Linux Importer	Affected by	VCID-mcbc-6asm-aaab	https://security.archlinux.org/AVG-32	34.0.0rc1