Vulnerabilites related to novell - suse_linux_enterprise_module_for_web_scripting
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", matchCriteriaId: "21F16D65-8A46-4AC7-8970-73AB700035FB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", matchCriteriaId: "92F393FF-7E6F-4671-BFBF-060162E12659", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", matchCriteriaId: "E1B85A09-CF8D-409D-966E-168F9959F6F6", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", matchCriteriaId: "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", matchCriteriaId: "6A0B4DEF-C6E8-4243-9893-6E650013600C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", matchCriteriaId: "E28CD4F7-522F-4ECA-9035-228596CDE769", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", matchCriteriaId: "A491B32F-31F0-4151-AE9B-313CBF2C060D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", matchCriteriaId: "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", matchCriteriaId: "B3261B40-5CBE-4AA6-990A-0A7BE96E5518", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C6AFB9DD-DA50-4F9D-B19D-160CA487D002", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", matchCriteriaId: "87037877-8506-4737-9F47-2CB687975B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", matchCriteriaId: "FD94C478-6F81-4F37-B7F3-61D8682EC593", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", matchCriteriaId: "18797BEE-417D-4959-9AAD-C5A7C051B524", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", matchCriteriaId: "6FAA3C31-BD9D-45A9-A502-837FECA6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", matchCriteriaId: "6455A421-9956-4846-AC7C-3431E0D37D23", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", matchCriteriaId: "036FB24F-7D86-4730-8BC9-722875BEC807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "080F38F5-0A51-43BC-BC66-98545B31A0F2", versionEndExcluding: "0.10.47", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D", versionEndExcluding: "0.12.16", versionStartIncluding: "0.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", versionEndIncluding: "4.1.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "303F780C-C971-4216-86D6-5026AAD56279", versionEndExcluding: "4.6.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "121E5D5D-B4D9-43F3-B5C9-74590192FAF1", versionEndIncluding: "5.12.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "8291D42E-9E50-414D-9752-D70906D512B2", versionEndExcluding: "6.7.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.", }, { lang: "es", value: "El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_srvr.c.", }, ], id: "CVE-2016-6306", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T19:59:02.910", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93153", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K90492697", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K90492697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2h | |
| openssl | openssl | 1.1.0 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.1s | |
| openssl | openssl | 1.0.1t | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| novell | suse_linux_enterprise_module_for_web_scripting | 12.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", matchCriteriaId: "18797BEE-417D-4959-9AAD-C5A7C051B524", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", matchCriteriaId: "6FAA3C31-BD9D-45A9-A502-837FECA6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", matchCriteriaId: "6455A421-9956-4846-AC7C-3431E0D37D23", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", matchCriteriaId: "036FB24F-7D86-4730-8BC9-722875BEC807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "73104834-5810-48DD-9B97-549D223853F1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", matchCriteriaId: "21F16D65-8A46-4AC7-8970-73AB700035FB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", matchCriteriaId: "92F393FF-7E6F-4671-BFBF-060162E12659", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", matchCriteriaId: "E1B85A09-CF8D-409D-966E-168F9959F6F6", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", matchCriteriaId: "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", matchCriteriaId: "6A0B4DEF-C6E8-4243-9893-6E650013600C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", matchCriteriaId: "E28CD4F7-522F-4ECA-9035-228596CDE769", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", matchCriteriaId: "A491B32F-31F0-4151-AE9B-313CBF2C060D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", matchCriteriaId: "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "080F38F5-0A51-43BC-BC66-98545B31A0F2", versionEndExcluding: "0.10.47", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D", versionEndExcluding: "0.12.16", versionStartIncluding: "0.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "6B1DA9AA-EB7B-4CFB-A412-45309A41230C", versionEndExcluding: "4.6.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "8291D42E-9E50-414D-9752-D70906D512B2", versionEndExcluding: "6.7.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.", }, { lang: "es", value: "Múltiples fugas de memoria en t1_lib.c en OpenSSL en versiones anteriores a 1.0.1u, 1.0.2 en versiones anteriores a 1.0.2i y 1.1.0 en versiones anteriores a 1.1.0a permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de grandes extensiones OCSP Status Request", }, ], id: "CVE-2016-6304", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T19:59:00.157", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Dec/47", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Oct/62", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93150", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036878", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037640", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Dec/47", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Oct/62", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*", matchCriteriaId: "FDF148A3-1AA7-4F27-85AB-414C609C626F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", versionEndIncluding: "4.1.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "303F780C-C971-4216-86D6-5026AAD56279", versionEndExcluding: "4.6.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "8291D42E-9E50-414D-9752-D70906D512B2", versionEndExcluding: "6.7.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.", }, { lang: "es", value: "crypto/x509/x509_vfy.c en OpenSSL 1.0.2i permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) desencadenando una operación CRL.", }, ], id: "CVE-2016-7052", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T19:59:07.533", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93171", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "cve@mitre.org", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160926.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160926.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2016-7052 (GCVE-0-2016-7052)
Vulnerability from cvelistv5
Published
2016-09-26 19:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:50:47.317Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160926.txt", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { name: "1036885", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036885", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-19", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:27", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "93171", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93171", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-26T00:00:00", descriptions: [ { lang: "en", value: "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2016-20", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20160926.txt", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201612-16", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { name: "1036885", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036885", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2016-19", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:27", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "93171", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93171", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/tns-2016-20", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2016-20", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "https://www.openssl.org/news/secadv/20160926.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20160926.txt", }, { name: "GLSA-201612-16", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201612-16", }, { name: "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e", refsource: "CONFIRM", url: "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { name: "1036885", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036885", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { name: "https://www.tenable.com/security/tns-2016-16", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2016-16", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "https://www.tenable.com/security/tns-2016-19", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2016-19", }, { name: "https://bto.bluecoat.com/security-advisory/sa132", refsource: "CONFIRM", url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:27", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "93171", refsource: "BID", url: "http://www.securityfocus.com/bid/93171", }, { name: "SUSE-SU-2016:2470", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7052", datePublished: "2016-09-26T19:00:00", dateReserved: "2016-08-23T00:00:00", dateUpdated: "2024-08-06T01:50:47.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-6304 (GCVE-0-2016-6304)
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:29:18.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "93150", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/93150", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "RHSA-2016:2802", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { name: "1036878", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036878", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { name: "RHSA-2017:2494", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { name: "1037640", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1037640", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-21", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "RHSA-2017:2493", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Oct/62", }, { name: "USN-3087-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Dec/47", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { name: "DSA-3673", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { name: "openSUSE-SU-2016:2788", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2769", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-22T00:00:00", descriptions: [ { lang: "en", value: "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.openssl.org/news/secadv/20160922.txt", }, { url: "https://www.tenable.com/security/tns-2016-20", }, { url: "http://www.splunk.com/view/SP-CAAAPUE", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "93150", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/93150", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "RHSA-2016:2802", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { name: "1036878", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036878", }, { url: "http://www.splunk.com/view/SP-CAAAPSV", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { url: "https://www.tenable.com/security/tns-2016-16", }, { name: "RHSA-2017:2494", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { name: "1037640", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1037640", }, { url: "https://www.tenable.com/security/tns-2016-21", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "RHSA-2017:2493", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2016/Oct/62", }, { name: "USN-3087-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2016/Dec/47", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { name: "DSA-3673", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { name: "openSUSE-SU-2016:2788", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2769", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-6304", datePublished: "2016-09-26T00:00:00", dateReserved: "2016-07-26T00:00:00", dateUpdated: "2024-08-06T01:29:18.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-6306 (GCVE-0-2016-6306)
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:29:18.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "93153", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/93153", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { name: "1036885", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036885", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-21", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "https://support.f5.com/csp/article/K90492697", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { tags: [ "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-22T00:00:00", descriptions: [ { lang: "en", value: "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "93153", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/93153", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { name: "1036885", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036885", }, { url: "https://www.tenable.com/security/tns-2016-16", }, { url: "https://www.tenable.com/security/tns-2016-21", }, { url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { url: "https://support.f5.com/csp/article/K90492697", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { url: "https://www.openssl.org/news/secadv/20160922.txt", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-6306", datePublished: "2016-09-26T00:00:00", dateReserved: "2016-07-26T00:00:00", dateUpdated: "2024-08-06T01:29:18.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }