Lucene search

[email protected]NVD:CVE-2016-2177

HistoryJun 20, 2016 - 1:59 a.m.

CVE-2016-2177

2016-06-2001:59:02

CWE-190

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.152 Low

EPSS

Percentile

95.9%

JSON

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Affected configurations

NVD

Node

hpicewall_mcrpMatch3.0

hpicewall_ssoMatch10.0certd

hpicewall_ssoMatch10.0dfw

hpicewall_sso_agent_optionMatch10.0

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.1n

opensslopensslMatch1.0.1o

opensslopensslMatch1.0.1p

opensslopensslMatch1.0.1q

opensslopensslMatch1.0.1r

opensslopensslMatch1.0.1s

opensslopensslMatch1.0.1t

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

opensslopensslMatch1.0.2c

opensslopensslMatch1.0.2d

opensslopensslMatch1.0.2e

opensslopensslMatch1.0.2f

opensslopensslMatch1.0.2g

opensslopensslMatch1.0.2h

Node

oraclelinuxMatch5

oraclelinuxMatch6

oraclelinuxMatch7

oraclesolarisMatch10

oraclesolarisMatch11.3

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

rhn.redhat.com/errata/RHSA-2016-1940.html

rhn.redhat.com/errata/RHSA-2016-2957.html

rhn.redhat.com/errata/RHSA-2017-1659.html

seclists.org/fulldisclosure/2017/Jul/31

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.openwall.com/lists/oss-security/2016/06/08/9

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/archive/1/540957/100/0/threaded

www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded

www.securityfocus.com/bid/91319

www.securitytracker.com/id/1036088

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

www.ubuntu.com/usn/USN-3181-1

access.redhat.com/errata/RHSA-2017:0193

access.redhat.com/errata/RHSA-2017:0194

access.redhat.com/errata/RHSA-2017:1658

bto.bluecoat.com/security-advisory/sa132

bugzilla.redhat.com/show_bug.cgi?id=1341705

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

ics-cert.us-cert.gov/advisories/ICSA-18-144-01

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10165

kc.mcafee.com/corporate/index?page=content&id=SB10215

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

security.gentoo.org/glsa/201612-16

support.f5.com/csp/article/K23873366

support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21