Hence, these flaws can lead to traffic being decrypted, denial-of-service attacks, and arbitrary code execution.
OpenSSL Fixed Six Severe Flaws
Under certain conditions, an attacker can execute irrational code remotely.
The flaw, CVE-2016-2105, and CVE-2016-2106 affect the EVP_EncodeUpdate function.
As reported in the security bulletin, the chances of the remotely executed code are very small.
The vulnerability CVE-2016-2109 can cause large amounts of memory distribution, leading to over-consumption of resources or memory overflow.
However, this amount of data is almost useless to the attacker.
