Lucene search

[email protected]NVD:CVE-2016-2182

HistorySep 16, 2016 - 5:59 a.m.

CVE-2016-2182

2016-09-1605:59:02

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.52

Percentile

97.6%

JSON

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Affected configurations

Nvd

Node

hpicewall_federation_agentMatch3.0

hpicewall_mcrpMatch3.0

hpicewall_ssoMatch10.0certd

hpicewall_ssoMatch10.0dfw

hpicewall_sso_agent_optionMatch10.0

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.1n

opensslopensslMatch1.0.1o

opensslopensslMatch1.0.1p

opensslopensslMatch1.0.1q

opensslopensslMatch1.0.1r

opensslopensslMatch1.0.1s

opensslopensslMatch1.0.1t

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

opensslopensslMatch1.0.2c

opensslopensslMatch1.0.2d

opensslopensslMatch1.0.2e

opensslopensslMatch1.0.2f

opensslopensslMatch1.0.2g

opensslopensslMatch1.0.2h

Node

oraclelinuxMatch5

oraclelinuxMatch6

oraclelinuxMatch7

VendorProductVersionCPE
hpicewall_federation_agent3.0cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
hpicewall_mcrp3.0cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*
hpicewall_sso10.0cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*
hpicewall_sso10.0cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*
hpicewall_sso_agent_option10.0cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*
opensslopenssl1.0.1cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
opensslopenssl1.0.1acpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
opensslopenssl1.0.1bcpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
opensslopenssl1.0.1ccpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
opensslopenssl1.0.1dcpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	icewall_federation_agent	3.0	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
hp	icewall_mcrp	3.0	cpe:2.3:a:hp:icewall_mcrp:3.0:::::::*
hp	icewall_sso	10.0	cpe:2.3:a:hp:icewall_sso:10.0::::certd:::
hp	icewall_sso	10.0	cpe:2.3:a:hp:icewall_sso:10.0::::dfw:::
hp	icewall_sso_agent_option	10.0	cpe:2.3:a:hp:icewall_sso_agent_option:10.0:::::::*
openssl	openssl	1.0.1	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
openssl	openssl	1.0.1a	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
openssl	openssl	1.0.1b	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
openssl	openssl	1.0.1c	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
openssl	openssl	1.0.1d	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*

Rows per page:

1-10 of 381

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

rhn.redhat.com/errata/RHSA-2016-1940.html

seclists.org/fulldisclosure/2017/Jul/31

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/92557

www.securitytracker.com/id/1036688

www.securitytracker.com/id/1037968

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

access.redhat.com/errata/RHSA-2018:2185

access.redhat.com/errata/RHSA-2018:2186

access.redhat.com/errata/RHSA-2018:2187

bto.bluecoat.com/security-advisory/sa132

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10171

kc.mcafee.com/corporate/index?page=content&id=SB10215

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

source.android.com/security/bulletin/2017-03-01

source.android.com/security/bulletin/2017-03-01.html

support.f5.com/csp/article/K01276005

support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.52

Percentile

97.6%

JSON

CVE-2016-2182

Affected configurations

References

Related