Lucene search

[email protected]CVE-2016-6306

HistorySep 26, 2016 - 7:59 p.m.

CVE-2016-6306

2016-09-2619:59:00

CWE-125

[email protected]

web.nvd.nist.gov

174

cve-2016-6306

openssl

denial of service

out-of-bounds read

certificate parser

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.259 Low

EPSS

Percentile

96.7%

JSON

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CPENameOperatorVersion
openssl:opensslopenssleq1.0.1m
openssl:opensslopenssleq1.0.1j
openssl:opensslopenssleq1.0.1
openssl:opensslopenssleq1.0.1h
openssl:opensslopenssleq1.0.1r
openssl:opensslopenssleq1.0.1c
openssl:opensslopenssleq1.0.1g
openssl:opensslopenssleq1.0.1a
openssl:opensslopenssleq1.0.1d
openssl:opensslopenssleq1.0.1t

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	1.0.1m
openssl:openssl	openssl	eq	1.0.1j
openssl:openssl	openssl	eq	1.0.1
openssl:openssl	openssl	eq	1.0.1h
openssl:openssl	openssl	eq	1.0.1r
openssl:openssl	openssl	eq	1.0.1c
openssl:openssl	openssl	eq	1.0.1g
openssl:openssl	openssl	eq	1.0.1a
openssl:openssl	openssl	eq	1.0.1d
openssl:openssl	openssl	eq	1.0.1t

Rows per page:

1-10 of 441

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

rhn.redhat.com/errata/RHSA-2016-1940.html

seclists.org/fulldisclosure/2017/Jul/31

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/93153

www.securitytracker.com/id/1036885

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

access.redhat.com/errata/RHSA-2018:2185

access.redhat.com/errata/RHSA-2018:2186

access.redhat.com/errata/RHSA-2018:2187

bto.bluecoat.com/security-advisory/sa132

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10215

nodejs.org/en/blog/vulnerability/september-2016-security-releases/

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

security.gentoo.org/glsa/201612-16

support.f5.com/csp/article/K90492697

support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.openssl.org/news/secadv/20160922.txt

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.259 Low

EPSS

Percentile

96.7%

JSON

CVE-2016-6306

References

Social References

Related