Lucene search

K

Veracode Vulnerability DatabaseVERACODE:3345

HistoryJan 27, 2017 - 1:47 a.m.

Buffer Overread

2017-01-2701:47:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

49

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

OpenSSL is vulnerable to buffer overreads. A malicious user can pass malicious ASN.1 data to the server, causing a buffer overread which can lead to disclosure of sensitive information or denial of service.

CPENameOperatorVersion
openssleq1.0.1.h
opensslle1.0.111
opensslle1.0.1h
opensslle1.0.207
openssl-osxle1.0.207
openssl-staticle1.0.2.c1
openssleq1.0.1.h
opensslle1.0.111
opensslle1.0.1h
opensslle1.0.207

Rows per page:

1-10 of 121

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/89746

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035721

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

bto.bluecoat.com/security-advisory/sa123

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561

github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.208/OpenSSL.podspec#L14

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

kc.mcafee.com/corporate/index?page=content&id=SB10160

security.gentoo.org/glsa/201612-16

security.netapp.com/advisory/ntap-20160504-0001/

support.apple.com/HT206903

www.openssl.org/news/secadv/20160503.txt

www.tenable.com/security/tns-2016-18

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P