csaf_certbund - wid-sec-w-2024-0209

wid-sec-w-2024-0209

Vulnerability from csaf_certbund

Published

2016-09-22 22:00

Modified

2024-01-25 23:00

Summary

OpenSSL: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuführen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - CISCO Appliance - Juniper Appliance - F5 Networks - Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuf\u00fchren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- F5 Networks\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0209 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0209.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0209 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0209"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2016-09-22",
        "url": "https://www.openssl.org/news/secadv/20160922.txt"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FREEBSD-SA-16:26.OPENSSL vom 2016-09-23",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3087-2 vom 2016-09-23",
        "url": "http://www.ubuntu.com/usn/usn-3087-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update Announcement ID SUSE-SU-2016:2387-1",
        "url": "https://www.suse.com/de-de/support/update/announcement/2016/suse-su-20162387-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:1940 vom 2016-09-27",
        "url": "https://access.redhat.com/errata/RHSA-2016:1940"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2394-1 vom 2016-09-27",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162394-1.html"
      },
      {
        "category": "external",
        "summary": "CISCO Security Advisory CISCO-SA-20160927-OPENSSL vom 2016-09-27",
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl?vs_f=Cisco%20Security%20Advisory\u0026vs_cat=Security%20Intelligence\u0026vs_type=RSS\u0026vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20September%202016\u0026vs_k=1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2458-1 vom 2016-10-05",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162458-1.html"
      },
      {
        "category": "external",
        "summary": "Arista Security Advisory 0024 vom 2016-10-05",
        "url": "http://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory sol13167034 vom 2016-10-05",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/13/sol13167034.html?ref=rss"
      },
      {
        "category": "external",
        "summary": "Blue Coat Security Advisory sa13 vom 2016-10-06",
        "url": "https://kb.bluecoat.com/security-advisory/sa132"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2468-1 vom 2016-10-07",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162468-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2469-1 vom 2016-10-07",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162469-1.html"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA10759 vom 2016-10-14",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759\u0026cat=SIRT_1\u0026actp=LIST"
      },
      {
        "category": "external",
        "summary": "Update des CISCO Security Advisory CISCO-SA-20160927-OPENSSL vom 2016-10-19",
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl?vs_f=Cisco%20Security%20Advisory\u0026vs_cat=Security%20Intelligence\u0026vs_type=RSS\u0026vs_p=Multiple%20Vulnerabilities%20in%20OpenSSL%20Affecting%20Cisco%20Products:%20September%202016\u0026vs_k=1"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory sol90492697 vom 2016-10-24",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/90/sol90492697.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2545-1 vom 2016-10-25",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162545-1.html"
      },
      {
        "category": "external",
        "summary": "Tenable Advisory ID TNS-2016-16 vom 2016-10-25",
        "url": "http://www.tenable.com/security/tns-2016-16"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory sol59298921 vom 2016-10-30",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/59/sol59298921.html?ref=rss"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory SOL23512141 vom 2016-11-01",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/23/sol23512141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2470-2 vom 2016-11-01",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162470-2.html"
      },
      {
        "category": "external",
        "summary": "HPE SECURITY BULLETIN c05323116 vom 2016-11-01",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05323116"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory SOL01276005 vom 2016-11-04",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/01/sol01276005.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory SOL02652550 vom 2016-11-14",
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/02/sol02652550.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:2802 vom 2016-11-18",
        "url": "https://access.redhat.com/errata/RHSA-2016:2802"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA135 vom 2016-12-01",
        "url": "https://bto.bluecoat.com/security-advisory/sa135"
      },
      {
        "category": "external",
        "summary": "Xerox Mini Bulletin XRX16AF vom 2016-12-04",
        "url": "https://www.xerox.com/download/security/security-bulletin/1cf9a-54159c674d1b0/cert_Security_Mini-_Bulletin_XRX16AF_for_PH3635_v1-0.pdf"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory RHSA-2016-2957",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-2957.html"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA137 vom 2016-12-20",
        "url": "https://bto.bluecoat.com/security-advisory/sa137"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA133 vom 2016-12-23",
        "url": "https://bto.bluecoat.com/security-advisory/sa133"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA10774 vom 2017-01-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA10770 vom 2017-01-12",
        "url": "http://www.auscert.org.au/render.html?it=42842"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin c05369403",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0193 vom 2017-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2017:0193"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0194 vom 2017-01-26",
        "url": "https://access.redhat.com/errata/RHSA-2017:0194"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3181-1 vom 2017-01-31",
        "url": "http://www.ubuntu.com/usn/usn-3181-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0460-1 vom 2017-02-14",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0462 vom 2017-03-08",
        "url": "https://access.redhat.com/errata/RHSA-2017:0462"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-006 vom 2017-03-08",
        "url": "https://www.xerox.com/download/security/security-bulletin/2efe6-54a395387fa39/cert_XRX17-006_FFPSv8_UpdateManager_Mar2017.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Security Bulletin XRX17-005 vom 2017-03-08",
        "url": "https://www.xerox.com/download/security/security-bulletin/312e6-54a3954424112/cert_XRX17-005_FFPSv7_v9_UpdateManager_Mar2017.pdf"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0719-1 vom 2017-03-17",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170719-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0716-1 vom 2017-03-17",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170716-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0726-1 vom 2017-03-17",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170726-1.html"
      },
      {
        "category": "external",
        "summary": "Fortinet Security Advisory FG-IR-16-048 vom 2017-04-06",
        "url": "http://fortiguard.com/psirt/FG-IR-16-048"
      },
      {
        "category": "external",
        "summary": "NetApp Advisory Number NTAP-20160928-0001 vom 2017-04-06",
        "url": "https://kb.netapp.com/support/s/article/ka51A00000007QeQAI/NTAP-20160928-0001?language=en_US"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1414 vom 2017-06-07",
        "url": "https://access.redhat.com/errata/RHSA-2017:1414"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1413 vom 2017-06-07",
        "url": "https://access.redhat.com/errata/RHSA-2017:1413"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1415 vom 2017-06-08",
        "url": "https://rhn.redhat.com/errata/RHSA-2017-1415.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1658 vom 2017-06-29",
        "url": "https://access.redhat.com/errata/RHSA-2017:1658"
      },
      {
        "category": "external",
        "summary": "HPE SECURITY BULLETIN hpesbgn03765en_us vom 2017-08-31",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03765en_us"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2710 vom 2017-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2017:2710"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2709 vom 2017-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2017:2709"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2708 vom 2017-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2017:2708"
      },
      {
        "category": "external",
        "summary": "Xerox Mini Bulletin XRX17AD vom 2017-09-28",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/09/cert_Security_Mini-_Bulletin_XRX17AD_for_PH3635_v1.0.pdf"
      },
      {
        "category": "external",
        "summary": "Xerox Mini Bulletin XRX17AE vom 2017-09-28",
        "url": "https://security.business.xerox.com/wp-content/uploads/2017/09/cert_Security_Mini-_Bulletin_XRX17AE_for_WC3325_v1.0.pdf"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3114 vom 2017-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2017:3114"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:3113 vom 2017-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2017:3113"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K53084033 vom 2017-11-06",
        "url": "https://support.f5.com/csp/article/K53084033"
      },
      {
        "category": "external",
        "summary": "McAfee Security Bulletin:SB10215",
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20160915-0001 vom 2018-01-30",
        "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2123 vom 2018-07-03",
        "url": "http://rhn.redhat.com/errata/RHSA-2018-2123.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13",
        "url": "https://access.redhat.com/errata/RHSA-2018:2185"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2018:2123 vom 2018-07-13",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2018-2123-Moderate-CentOS-7-python-Security-Update-tp4645172.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20170119-0001 vom 2019-02-07",
        "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4581 vom 2019-03-13",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4581.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1245 vom 2019-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2019:1245"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4747 vom 2019-08-16",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4747.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2859 vom 2019-09-27",
        "url": "https://access.redhat.com/errata/RHSA-2019:2859"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory 542344 vom 2020-03-31",
        "url": "https://www.dell.com/support/security/de-de/details/542344/DSA-2020-072-Dell-EMC-VNX2-Family-Security-Update-for-Multiple-Third-Party-Component-Vulnerabilit"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9150 vom 2021-04-01",
        "url": "https://linux.oracle.com/errata/ELSA-2021-9150.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K90492697 vom 2021-05-18",
        "url": "https://support.f5.com/csp/article/K90492697"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9272 vom 2022-04-08",
        "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
      },
      {
        "category": "external",
        "summary": "Dell Knowledge Base Article",
        "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-25T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:58:04.986+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0209",
      "initial_release_date": "2016-09-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-09-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-09-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-09-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-09-26T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-26T22:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-09-27T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-27T22:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "10",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "11",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "12",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "13",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "14",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-05T22:00:00.000+00:00",
          "number": "16",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-06T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-06T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-06T22:00:00.000+00:00",
          "number": "19",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "20",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "21",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "23",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "24",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "25",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-16T22:00:00.000+00:00",
          "number": "26",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-24T22:00:00.000+00:00",
          "number": "27",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-25T22:00:00.000+00:00",
          "number": "28",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-25T22:00:00.000+00:00",
          "number": "29",
          "summary": "New remediations available"
        },
        {
          "date": "2016-10-25T22:00:00.000+00:00",
          "number": "30",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-25T22:00:00.000+00:00",
          "number": "31",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-10-31T23:00:00.000+00:00",
          "number": "32",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-01T23:00:00.000+00:00",
          "number": "33",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-01T23:00:00.000+00:00",
          "number": "34",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-01T23:00:00.000+00:00",
          "number": "35",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-01T23:00:00.000+00:00",
          "number": "36",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-06T23:00:00.000+00:00",
          "number": "37",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-06T23:00:00.000+00:00",
          "number": "38",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-14T23:00:00.000+00:00",
          "number": "39",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-17T23:00:00.000+00:00",
          "number": "40",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-17T23:00:00.000+00:00",
          "number": "41",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-17T23:00:00.000+00:00",
          "number": "42",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "43",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "44",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "45",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-12-18T23:00:00.000+00:00",
          "number": "46",
          "summary": "New remediations available"
        },
        {
          "date": "2016-12-20T23:00:00.000+00:00",
          "number": "47",
          "summary": "New remediations available"
        },
        {
          "date": "2016-12-22T23:00:00.000+00:00",
          "number": "48",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-11T23:00:00.000+00:00",
          "number": "49",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-12T23:00:00.000+00:00",
          "number": "50",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-12T23:00:00.000+00:00",
          "number": "51",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-01-25T23:00:00.000+00:00",
          "number": "52",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-31T23:00:00.000+00:00",
          "number": "53",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-14T23:00:00.000+00:00",
          "number": "54",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-08T23:00:00.000+00:00",
          "number": "55",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-08T23:00:00.000+00:00",
          "number": "56",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-08T23:00:00.000+00:00",
          "number": "57",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-08T23:00:00.000+00:00",
          "number": "58",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-19T23:00:00.000+00:00",
          "number": "59",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-19T23:00:00.000+00:00",
          "number": "60",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-19T23:00:00.000+00:00",
          "number": "61",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-06-07T22:00:00.000+00:00",
          "number": "62",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-07T22:00:00.000+00:00",
          "number": "63",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-28T22:00:00.000+00:00",
          "number": "64",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-05T22:00:00.000+00:00",
          "number": "65",
          "summary": "Added references"
        },
        {
          "date": "2017-08-31T22:00:00.000+00:00",
          "number": "66",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-09-13T22:00:00.000+00:00",
          "number": "67",
          "summary": "New remediations available"
        },
        {
          "date": "2017-09-13T22:00:00.000+00:00",
          "number": "68",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-11-02T23:00:00.000+00:00",
          "number": "69",
          "summary": "New remediations available"
        },
        {
          "date": "2017-11-05T23:00:00.000+00:00",
          "number": "70",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-07T23:00:00.000+00:00",
          "number": "71",
          "summary": "New remediations available"
        },
        {
          "date": "2018-01-30T23:00:00.000+00:00",
          "number": "72",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-03T22:00:00.000+00:00",
          "number": "73",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-12T22:00:00.000+00:00",
          "number": "74",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "75",
          "summary": "New remediations available"
        },
        {
          "date": "2018-11-05T23:00:00.000+00:00",
          "number": "76",
          "summary": "Added references"
        },
        {
          "date": "2019-02-07T23:00:00.000+00:00",
          "number": "77",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2019-03-13T23:00:00.000+00:00",
          "number": "78",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-05-20T22:00:00.000+00:00",
          "number": "79",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-18T22:00:00.000+00:00",
          "number": "80",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-09-26T22:00:00.000+00:00",
          "number": "81",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-30T22:00:00.000+00:00",
          "number": "82",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2021-03-31T22:00:00.000+00:00",
          "number": "83",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-05-17T22:00:00.000+00:00",
          "number": "84",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2022-04-10T22:00:00.000+00:00",
          "number": "85",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "86",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "86"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Arista EOS",
            "product": {
              "name": "Arista EOS",
              "product_id": "T006486",
              "product_identification_helper": {
                "cpe": "cpe:/o:arista:arista_eos:4.15"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Arista"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco Advanced Malware Protection",
            "product": {
              "name": "Cisco Advanced Malware Protection",
              "product_id": "T007044",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:advanced_malware_protection:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco AnyConnect Secure Mobility Solution",
            "product": {
              "name": "Cisco AnyConnect Secure Mobility Solution",
              "product_id": "148715",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:anyconnect_secure_mobility_client:2.0"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Email Security Appliance",
            "product": {
              "name": "Cisco Email Security Appliance",
              "product_id": "196900",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:email_security_appliance:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Emergency Responder (ER)",
            "product": {
              "name": "Cisco Emergency Responder (ER)",
              "product_id": "2040",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:emergency_responder:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco IOS",
            "product": {
              "name": "Cisco IOS",
              "product_id": "18557",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios:10.0"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco IOS XE",
            "product": {
              "name": "Cisco IOS XE",
              "product_id": "153141",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios_xe:3.1.0s"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco IP Phone",
            "product": {
              "name": "Cisco IP Phone",
              "product_id": "2070",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:ip_phone:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco MDS 9000",
            "product": {
              "name": "Cisco MDS 9000",
              "product_id": "T001069",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:mds_9000:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Network Analysis Module",
            "product": {
              "name": "Cisco Network Analysis Module",
              "product_id": "2084",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:network_analysis_module:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 2000",
            "product": {
              "name": "Cisco Nexus 2000",
              "product_id": "T003851",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus:3000"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Packet Tracer",
            "product": {
              "name": "Cisco Packet Tracer",
              "product_id": "131351",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:packet_tracer:5.2"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Prime Collaboration",
            "product": {
              "name": "Cisco Prime Collaboration",
              "product_id": "190829",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:prime_collaboration:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Prime Infrastructure",
            "product": {
              "name": "Cisco Prime Infrastructure",
              "product_id": "T000756",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:prime_infrastructure:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Secure Access Control Server (ACS)",
            "product": {
              "name": "Cisco Secure Access Control Server (ACS)",
              "product_id": "138491",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:secure_access_control_server:2.1%284%29:-:windows"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Security Manager (CSM)",
            "product": {
              "name": "Cisco Security Manager (CSM)",
              "product_id": "95918",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:security_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Show and Share",
            "product": {
              "name": "Cisco Show and Share",
              "product_id": "T003254",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:show_and_share:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Domain Manager (CUCDM)",
            "product": {
              "name": "Cisco Unified Communications Domain Manager (CUCDM)",
              "product_id": "189046",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_domain_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Manager (CUCM)",
            "product": {
              "name": "Cisco Unified Communications Manager (CUCM)",
              "product_id": "2142",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Enterprise",
            "product": {
              "name": "Cisco Unified Contact Center Enterprise",
              "product_id": "2143",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified IP Phone",
            "product": {
              "name": "Cisco Unified IP Phone",
              "product_id": "T001530",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_ip_phones:::9900_series"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Connection",
            "product": {
              "name": "Cisco Unity Connection",
              "product_id": "161504",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unity_connection:1.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Express",
            "product": {
              "name": "Cisco Unity Express",
              "product_id": "2002",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unity_express:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Meeting Center",
            "product": {
              "name": "Cisco WebEx Meeting Center",
              "product_id": "T002323",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_meeting_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Meetings Server",
            "product": {
              "name": "Cisco WebEx Meetings Server",
              "product_id": "T001160",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_meetings_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Wide Area Application Services",
            "product": {
              "name": "Cisco Wide Area Application Services",
              "product_id": "2186",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:wide_area_application_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Wireless LAN Controllers",
            "product": {
              "name": "Cisco Wireless LAN Controllers",
              "product_id": "1889",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:wireless_lan_controllers:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux Jessie (8.0)",
            "product": {
              "name": "Debian Linux Jessie (8.0)",
              "product_id": "310725",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:8.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.10",
            "product": {
              "name": "Dell NetWorker \u003c 19.10",
              "product_id": "T032354",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.10"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fortinet FortiOS",
            "product": {
              "name": "Fortinet FortiOS",
              "product_id": "T009615",
              "product_identification_helper": {
                "cpe": "cpe:/o:fortinet:fortios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FreeBSD Project FreeBSD OS 9",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 9",
                  "product_id": "157037",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:9.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FreeBSD Project FreeBSD OS 9.3",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 9.3",
                  "product_id": "T003390",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:9.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FreeBSD Project FreeBSD OS 10 - 10.3",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 10 - 10.3",
                  "product_id": "T007633",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:10.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FreeBSD Project FreeBSD OS 11 - 11.0",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 11 - 11.0",
                  "product_id": "T008147",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeBSD OS"
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Integrated Lights-Out 4",
            "product": {
              "name": "HPE Integrated Lights-Out 4",
              "product_id": "205828",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:integrated_lights-out:4.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper Junos Space",
            "product": {
              "name": "Juniper Junos Space",
              "product_id": "T003343",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:junos_space:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper ScreenOS",
            "product": {
              "name": "Juniper ScreenOS",
              "product_id": "T008638",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:screenos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp OnCommand Unified Manager",
            "product": {
              "name": "NetApp OnCommand Unified Manager",
              "product_id": "T009408",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source OpenSSL \u003c 1.1.0a",
                "product": {
                  "name": "Open Source OpenSSL \u003c 1.1.0a",
                  "product_id": "T008528",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.1.0a"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source OpenSSL \u003c 1.0.2i",
                "product": {
                  "name": "Open Source OpenSSL \u003c 1.0.2i",
                  "product_id": "T008529",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.0.2i"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source OpenSSL \u003c 1.0.1u",
                "product": {
                  "name": "Open Source OpenSSL \u003c 1.0.1u",
                  "product_id": "T008530",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.0.1u"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Tenable Security Nessus 6.8 - 6.8.2",
            "product": {
              "name": "Tenable Security Nessus 6.8 - 6.8.2",
              "product_id": "T008769",
              "product_identification_helper": {
                "cpe": "cpe:/a:tenable:nessus:6.8.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu Linux 12.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 12.04 LTS",
                  "product_id": "170497",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ubuntu Linux 14.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 14.04 LTS",
                  "product_id": "T003005",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Ubuntu Linux 16.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 16.04 LTS",
                  "product_id": "T007521",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:16.04_lts"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Xerox FreeFlow Print Server",
            "product": {
              "name": "Xerox FreeFlow Print Server",
              "product_id": "T000700",
              "product_identification_helper": {
                "cpe": "cpe:/a:xerox:freeflow_print_server:8"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Xerox Phaser",
            "product": {
              "name": "Xerox Phaser",
              "product_id": "T004484",
              "product_identification_helper": {
                "cpe": "cpe:/h:xerox:phaser:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Xerox WorkCentre",
            "product": {
              "name": "Xerox WorkCentre",
              "product_id": "T000855",
              "product_identification_helper": {
                "cpe": "cpe:/h:xerox:workcentre:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Blue Coat Director 6.1",
            "product": {
              "name": "Blue Coat Director 6.1",
              "product_id": "T006616",
              "product_identification_helper": {
                "cpe": "cpe:/a:bluecoat:director:6.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Blue Coat ProxyAV 3.5",
            "product": {
              "name": "Blue Coat ProxyAV 3.5",
              "product_id": "T003290",
              "product_identification_helper": {
                "cpe": "cpe:/h:bluecoat:proxyav:3.5"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Blue Coat ProxySG 6.6",
                "product": {
                  "name": "Blue Coat ProxySG 6.6",
                  "product_id": "T006617",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:bluecoat:proxysg:6.6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Blue Coat ProxySG 6.5",
                "product": {
                  "name": "Blue Coat ProxySG 6.5",
                  "product_id": "T006618",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:bluecoat:proxysg:6.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "proxysg"
          }
        ],
        "category": "vendor",
        "name": "bluecoat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco Aironet Access Point",
            "product": {
              "name": "Cisco Aironet Access Point",
              "product_id": "177610",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:aironet_3500:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco ACE",
            "product": {
              "name": "Cisco ACE",
              "product_id": "171387",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:application_control_engine_software:a1%287%29"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Application Networking Manager",
            "product": {
              "name": "Cisco Application Networking Manager",
              "product_id": "T000614",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:application_networking_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Digital Media Manager",
            "product": {
              "name": "Cisco Digital Media Manager",
              "product_id": "201470",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:digital_media_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Intrusion Prevention System (IPS)",
            "product": {
              "name": "Cisco Intrusion Prevention System (IPS)",
              "product_id": "2056",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:intrusion_prevention_system:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 1000V",
            "product": {
              "name": "Cisco Nexus 1000V",
              "product_id": "160893",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus_1000v:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 5000",
            "product": {
              "name": "Cisco Nexus 5000",
              "product_id": "110496",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus_5000:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 6000",
            "product": {
              "name": "Cisco Nexus 6000",
              "product_id": "T004721",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus_6000:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 7000",
            "product": {
              "name": "Cisco Nexus 7000",
              "product_id": "110495",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus_7000:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Nexus 9000",
            "product": {
              "name": "Cisco Nexus 9000",
              "product_id": "T004723",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:nexus_9000:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco ONS",
            "product": {
              "name": "Cisco ONS",
              "product_id": "T002252",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:ons:15454"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Small Business 300 Series Managed Switches",
            "product": {
              "name": "Cisco Small Business 300 Series Managed Switches",
              "product_id": "T000752",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:small_business_300_series_managed_switches:1.2.7.76"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence",
            "product": {
              "name": "Cisco TelePresence",
              "product_id": "161441",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_video_communication_server:-::control"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Express (UCCX)",
            "product": {
              "name": "Cisco Unified Contact Center Express (UCCX)",
              "product_id": "T003053",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_contact_center_express:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified MeetingPlace (MP)",
            "product": {
              "name": "Cisco Unified MeetingPlace (MP)",
              "product_id": "2153",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_meetingplace:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Video Surveillance",
            "product": {
              "name": "Cisco Video Surveillance",
              "product_id": "64489",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:video_surveillance_ip_gateway_encoder_decoder:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Node for MCS",
            "product": {
              "name": "Cisco WebEx Node for MCS",
              "product_id": "T001162",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_node_for_mcs:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 ARX 6.2.0 - 6.4.0",
            "product": {
              "name": "F5 ARX 6.2.0 - 6.4.0",
              "product_id": "T001664",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:arx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 WAN Optimization Manager",
            "product": {
              "name": "F5 WAN Optimization Manager",
              "product_id": "T001721",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip_wan_optimization_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 WebAccelerator",
            "product": {
              "name": "F5 WebAccelerator",
              "product_id": "T001411",
              "product_identification_helper": {
                "cpe": "cpe:/h:f5:big-ip_webaccelerator:10.2.4"
              }
            }
          },
          {
            "category": "product_name",
            "name": "F5 FirePass",
            "product": {
              "name": "F5 FirePass",
              "product_id": "T001665",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:firepass:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "f5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Loadrunner Software",
            "product": {
              "name": "HPE Loadrunner Software",
              "product_id": "72612",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:loadrunner:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "HPE Performance Center",
            "product": {
              "name": "HPE Performance Center",
              "product_id": "T010661",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:performance_center:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "HPE SiteScope",
            "product": {
              "name": "HPE SiteScope",
              "product_id": "T008871",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:sitescope:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "hp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux Enterprise Server",
            "product": {
              "name": "SUSE Linux Enterprise Server",
              "product_id": "T008429",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:linux_enterprise_server:12:ltss"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "suse"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-2183",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL im Zusammenhang mit verschl\u00fcsselten Sessions, die mit dem Verschl\u00fcsselungsalgorithmus Triple-DES (3DES) im Cipher Block Chaining (CBC) Modus chiffriert werden. Diese Schwachstelle beruht darauf, dass 3DES auf einer Blockgr\u00f6\u00dfe von 64 Bit basiert und aufgrund des Geburtstagsparadoxons bei gr\u00f6\u00dferen Datenmengen deshalb mit hoher Wahrscheinlichkeit Kollisionen im CBC Modus auftreten. In der Folge kann ein Angreifer, welcher sich in einer \"Man-in-the-Middle\" Position befindet und in der Lage ist gen\u00fcgend Datenverkehr mithilfe eines Known Plaintext Angriffs (Angreifer besitzt Geheimtext und den zugeh\u00f6rigen Klartext) zu generieren bzw. mitzulesen, diese Schwachstelle ausnutzen, um einen Kollisionsangriff durchzuf\u00fchren und verschl\u00fcsselte Inhalte offenzulegen. Voraussetzung f\u00fcr einen erfolgreichen Angriff ist, dass bei der Verschl\u00fcsselung der CBC Modus verwendet wurde und die mitgelesenen verschl\u00fcsselten Daten mit dem gleichen Session Schl\u00fcssel chiffriert wurden. Diese Angriffsmethode wird auch \"SWEET32\" genannt."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2183"
    },
    {
      "cve": "CVE-2016-2177",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2177"
    },
    {
      "cve": "CVE-2016-2179",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2179"
    },
    {
      "cve": "CVE-2016-2180",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2180"
    },
    {
      "cve": "CVE-2016-2181",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2181"
    },
    {
      "cve": "CVE-2016-2182",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2182"
    },
    {
      "cve": "CVE-2016-6302",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6302"
    },
    {
      "cve": "CVE-2016-6303",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6303"
    },
    {
      "cve": "CVE-2016-6304",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6304"
    },
    {
      "cve": "CVE-2016-6305",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6305"
    },
    {
      "cve": "CVE-2016-6306",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6306"
    },
    {
      "cve": "CVE-2016-6307",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6307"
    },
    {
      "cve": "CVE-2016-6308",
      "notes": [
        {
          "category": "description",
          "text": "In OpenSSL existieren mehrere Denial of Service Schwachstellen. Diese Schwachstellen werden u.a. verursacht durch eine fehlerhafte Programmlogik von OpenSSL, fehlerhafte L\u00e4ngenpr\u00fcfungen von Nachrichten, die Client Certificates, Client Certificate Requests und Server Certificates betreffen, Funktionsaufrufe von \"SSL_peek()\", den Funktionen \"MDC2_Update\" und \"EVP_DigestUpdate()\", die fehlerhafte Verwendung von TLS Session Tickets, der Funktion \"BN_bn2dec\", der Funktion \"TS_OBJ_print_bio\", Fehler in der DTLS-Implementierung und fehlerhafte Berechnung von Pointern. In der Folge kann ein entfernter, anonymer Angreifer diese Schwachstellen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "72612",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "T010661",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "T000855",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-6308"
    },
    {
      "cve": "CVE-2016-2178",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Ein lokaler Angreifer kann einen Fehler im DSA signing Algorithmus ausnutzen um \u00fcber einen Side Chanel Angriff sensitive Daten des Signatur-Prozesses offenzulegen. So kann z.B. auch der DSA Private Key offengelegt werden."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T001160",
          "157037",
          "T003343",
          "T009408",
          "T008638",
          "T006616",
          "2153",
          "T006618",
          "T006617",
          "T004914",
          "148715",
          "T000756",
          "T001721",
          "T000752",
          "5930",
          "T008871",
          "T002252",
          "T001162",
          "190829",
          "T006486",
          "T003254",
          "T008147",
          "T003851",
          "T008429",
          "64489",
          "110495",
          "110496",
          "161441",
          "2040",
          "2084",
          "T032354",
          "138491",
          "T000700",
          "T002207",
          "95918",
          "310725",
          "T002323",
          "T003290",
          "T003053",
          "T007521",
          "67646",
          "T003005",
          "2056",
          "189046",
          "T000614",
          "2002",
          "T001665",
          "T001664",
          "T001069",
          "T001663",
          "177610",
          "18557",
          "153141",
          "T007044",
          "161504",
          "T004484",
          "T007633",
          "131351",
          "T008769",
          "T004721",
          "T009615",
          "205828",
          "T004723",
          "2143",
          "2142",
          "2186",
          "160893",
          "196900",
          "170497",
          "201470",
          "T001411",
          "T001530",
          "T003390",
          "171387",
          "1727",
          "1889"
        ]
      },
      "release_date": "2016-09-22T22:00:00Z",
      "title": "CVE-2016-2178"
    }
  ]
}

cve-2016-2181

Vulnerability from cvelistv5

Published

2016-09-16 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/92982	vdb-entry
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.securitytracker.com/id/1036690	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://support.f5.com/csp/article/K59298921
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92982",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "name": "1036690",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K59298921"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "92982",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92982"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "name": "1036690",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036690"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.f5.com/csp/article/K59298921"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2181",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2183

Vulnerability from cvelistv5

Published

2016-09-01 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:3113	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-20
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
	https://access.redhat.com/errata/RHSA-2017:3240	vendor-advisory
	https://www.tenable.com/security/tns-2016-16
	https://access.redhat.com/errata/RHSA-2017:2709	vendor-advisory
	http://www.securityfocus.com/bid/92630	vdb-entry
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
	https://www.tenable.com/security/tns-2016-21
	https://kc.mcafee.com/corporate/index?page=content&id=SB10171
	https://access.redhat.com/errata/RHSA-2017:3239	vendor-advisory
	https://www.exploit-db.com/exploits/42091/	exploit
	https://security.gentoo.org/glsa/201701-65	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://www.securitytracker.com/id/1036696	vdb-entry
	https://security.netapp.com/advisory/ntap-20160915-0001/
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
	https://security.gentoo.org/glsa/201707-01	vendor-advisory
	http://www.securityfocus.com/bid/95568	vdb-entry
	https://access.redhat.com/errata/RHSA-2017:3114	vendor-advisory
	https://bto.bluecoat.com/security-advisory/sa133
	https://www.tenable.com/security/tns-2017-09
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
	https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory
	https://wiki.opendaylight.org/view/Security_Advisories
	https://access.redhat.com/errata/RHSA-2017:2710	vendor-advisory
	https://security.netapp.com/advisory/ntap-20170119-0001/
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
	https://www.ietf.org/mail-archive/web/tls/current/msg04560.html	mailing-list
	https://access.redhat.com/errata/RHSA-2018:2123	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:2708	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
	http://rhn.redhat.com/errata/RHSA-2017-0462.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.securityfocus.com/archive/1/540341/100/0/threaded	mailing-list
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded	mailing-list
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded	mailing-list
	https://kc.mcafee.com/corporate/index?page=content&id=SB10197
	https://kc.mcafee.com/corporate/index?page=content&id=SB10186
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded	mailing-list
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://www.ubuntu.com/usn/USN-3194-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://seclists.org/bugtraq/2018/Nov/21	mailing-list
	https://support.f5.com/csp/article/K13167034
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
	http://www.securityfocus.com/archive/1/542005/100/0/threaded	mailing-list
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3372-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3270-1	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded	mailing-list
	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/May/105	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
	http://www.securityfocus.com/archive/1/539885/100/0/threaded	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
	http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3198-1	vendor-advisory
	http://seclists.org/fulldisclosure/2017/May/105
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
	http://www.securityfocus.com/archive/1/541104/100/0/threaded	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded	mailing-list
	http://www.ubuntu.com/usn/USN-3179-1	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://access.redhat.com/errata/RHSA-2019:1245	vendor-advisory
	https://access.redhat.com/errata/RHSA-2019:2859	vendor-advisory
	https://access.redhat.com/errata/RHSA-2020:0451	vendor-advisory
	https://kc.mcafee.com/corporate/index?page=content&id=SB10310
	https://www.oracle.com/security-alerts/cpuapr2020.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://www.oracle.com/security-alerts/cpujul2020.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
	https://www.oracle.com/security-alerts/cpujan2020.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://sweet32.info/
	http://www.splunk.com/view/SP-CAAAPUE
	https://bugzilla.redhat.com/show_bug.cgi?id=1369383
	https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://access.redhat.com/articles/2548661
	https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	https://www.sigsac.org/ccs/CCS2016/accepted-papers/
	http://www-01.ibm.com/support/docview.wss?uid=swg21991482
	https://www.openssl.org/blog/blog/2016/08/24/sweet32/
	https://access.redhat.com/security/cve/cve-2016-2183
	https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
	http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
	https://www.oracle.com/security-alerts/cpuoct2020.html
	https://www.oracle.com/security-alerts/cpuoct2021.html
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3113",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3113"
          },
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
          },
          {
            "name": "RHSA-2017:3240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3240"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2709",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2709"
          },
          {
            "name": "92630",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92630"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "name": "RHSA-2017:3239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3239"
          },
          {
            "name": "42091",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42091/"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "1036696",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036696"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "95568",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95568"
          },
          {
            "name": "RHSA-2017:3114",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wiki.opendaylight.org/view/Security_Advisories"
          },
          {
            "name": "RHSA-2017:2710",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2710"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
          },
          {
            "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
          },
          {
            "name": "RHSA-2018:2123",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2123"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:2708",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2708"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
          },
          {
            "name": "RHSA-2017:0462",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3194-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3194-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Nov/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K13167034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "USN-3372-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3372-1"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2017:0460",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
          },
          {
            "name": "SUSE-SU-2017:0490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
          },
          {
            "name": "USN-3270-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3270-1"
          },
          {
            "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "name": "openSUSE-SU-2017:0513",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2017:0374",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2017:0346",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "USN-3198-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3198-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:1444",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3179-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3179-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "name": "RHSA-2019:1245",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1245"
          },
          {
            "name": "RHSA-2019:2859",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2859"
          },
          {
            "name": "RHSA-2020:0451",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0451"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sweet32.info/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/2548661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2016-2183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:3113",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3113"
        },
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
        },
        {
          "name": "RHSA-2017:3240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3240"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2709",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2709"
        },
        {
          "name": "92630",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92630"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "name": "RHSA-2017:3239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3239"
        },
        {
          "name": "42091",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/42091/"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "1036696",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036696"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "95568",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/95568"
        },
        {
          "name": "RHSA-2017:3114",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3114"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa133"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-09"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "url": "https://wiki.opendaylight.org/view/Security_Advisories"
        },
        {
          "name": "RHSA-2017:2710",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2710"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
        },
        {
          "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
        },
        {
          "name": "RHSA-2018:2123",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2123"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:2708",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2708"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
        },
        {
          "name": "RHSA-2017:0462",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3194-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3194-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2018/Nov/21"
        },
        {
          "url": "https://support.f5.com/csp/article/K13167034"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "USN-3372-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3372-1"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2017:0460",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
        },
        {
          "name": "SUSE-SU-2017:0490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
        },
        {
          "name": "USN-3270-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3270-1"
        },
        {
          "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "name": "openSUSE-SU-2017:0513",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2017:0374",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
        },
        {
          "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2017:0346",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "USN-3198-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3198-1"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:1444",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3179-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3179-1"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "name": "RHSA-2019:1245",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1245"
        },
        {
          "name": "RHSA-2019:2859",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2859"
        },
        {
          "name": "RHSA-2020:0451",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0451"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://sweet32.info/"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
        },
        {
          "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://access.redhat.com/articles/2548661"
        },
        {
          "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
        },
        {
          "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2016-2183"
        },
        {
          "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
        },
        {
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2183",
    "datePublished": "2016-09-01T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2178

Vulnerability from cvelistv5

Published

2016-06-20 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/09/8	mailing-list
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	http://www.securityfocus.com/bid/91081	vdb-entry
	https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/08/2	mailing-list
	https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
	https://bugzilla.redhat.com/show_bug.cgi?id=1343400
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
	http://www.securitytracker.com/id/1036054	vdb-entry
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	http://eprint.iacr.org/2016/594.pdf
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/08/8	mailing-list
	http://www.openwall.com/lists/oss-security/2016/06/08/4	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/08/6	mailing-list
	https://support.f5.com/csp/article/K53084033
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
	http://www.openwall.com/lists/oss-security/2016/06/08/10	mailing-list
	http://www.openwall.com/lists/oss-security/2016/06/08/11	mailing-list
	http://www.openwall.com/lists/oss-security/2016/06/08/5	mailing-list
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/08/12	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2016/06/08/7	mailing-list
	http://www.openwall.com/lists/oss-security/2016/06/09/2	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "91081",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91081"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "name": "1036054",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036054"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://eprint.iacr.org/2016/594.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K53084033"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
          },
          {
            "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "91081",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91081"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "name": "1036054",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036054"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "http://eprint.iacr.org/2016/594.pdf"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
        },
        {
          "url": "https://support.f5.com/csp/article/K53084033"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
        },
        {
          "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2178",
    "datePublished": "2016-06-20T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6303

Vulnerability from cvelistv5

Published

2016-09-16 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.securitytracker.com/id/1036885	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.securityfocus.com/bid/92984	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://bugzilla.redhat.com/show_bug.cgi?id=1370146
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "92984",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "name": "92984",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92984"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6303",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6305

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www.securitytracker.com/id/1036879	vdb-entry
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.securityfocus.com/bid/93149	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://github.com/openssl/openssl/issues/1563
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "1036879",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036879"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "name": "93149",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93149"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/issues/1563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "1036879",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036879"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "name": "93149",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93149"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://github.com/openssl/openssl/issues/1563"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6305",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6306

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	https://access.redhat.com/errata/RHSA-2018:2185	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:2186	vendor-advisory
	http://www.securityfocus.com/bid/93153	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.securitytracker.com/id/1036885	vdb-entry
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	https://bto.bluecoat.com/security-advisory/sa132
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:2187	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
	https://support.f5.com/csp/article/K90492697
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.oracle.com/security-alerts/cpuapr2020.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://www.oracle.com/security-alerts/cpujul2020.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
	https://www.oracle.com/security-alerts/cpujan2020.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://www.openssl.org/news/secadv/20160922.txt
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
	https://www.oracle.com/security-alerts/cpuoct2020.html
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "name": "93153",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93153"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K90492697"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "name": "93153",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93153"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "url": "https://support.f5.com/csp/article/K90492697"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6306",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2182

Vulnerability from cvelistv5

Published

2016-09-16 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1036688	vdb-entry
	https://www.tenable.com/security/tns-2016-20
	https://access.redhat.com/errata/RHSA-2018:2185	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:2186	vendor-advisory
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www.securityfocus.com/bid/92557	vdb-entry
	https://source.android.com/security/bulletin/2017-03-01
	http://www.securitytracker.com/id/1037968	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	https://kc.mcafee.com/corporate/index?page=content&id=SB10171
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	https://source.android.com/security/bulletin/2017-03-01.html
	https://access.redhat.com/errata/RHSA-2018:2187	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	https://support.f5.com/csp/article/K01276005
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036688",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036688"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "92557",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92557"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-03-01"
          },
          {
            "name": "1037968",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037968"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-03-01.html"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K01276005"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1036688",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036688"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "92557",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92557"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-03-01"
        },
        {
          "name": "1037968",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1037968"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-03-01.html"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "url": "https://support.f5.com/csp/article/K01276005"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2182",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2180

Vulnerability from cvelistv5

Published

2016-08-01 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.securitytracker.com/id/1036486	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://bugzilla.redhat.com/show_bug.cgi?id=1359615
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	http://www.securityfocus.com/bid/92117	vdb-entry
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "name": "1036486",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036486"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "92117",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92117"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "name": "1036486",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036486"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "92117",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92117"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2180",
    "datePublished": "2016-08-01T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6302

Vulnerability from cvelistv5

Published

2016-09-16 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	https://access.redhat.com/errata/RHSA-2018:2185	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:2186	vendor-advisory
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	http://www.securityfocus.com/bid/92628	vdb-entry
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.securitytracker.com/id/1036885	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:2187	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "92628",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92628"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "92628",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92628"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6302",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2179

Vulnerability from cvelistv5

Published

2016-09-16 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	http://www.securitytracker.com/id/1036689	vdb-entry
	http://www.securityfocus.com/bid/92987	vdb-entry
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "1036689",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036689"
          },
          {
            "name": "92987",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "1036689",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036689"
        },
        {
          "name": "92987",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92987"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2179",
    "datePublished": "2016-09-16T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6304

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.securityfocus.com/bid/93150	vdb-entry
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	http://rhn.redhat.com/errata/RHSA-2016-2802.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	http://www.securitytracker.com/id/1036878	vdb-entry
	http://www.splunk.com/view/SP-CAAAPSV
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	https://www.tenable.com/security/tns-2016-16
	https://access.redhat.com/errata/RHSA-2017:2494	vendor-advisory
	http://www.securitytracker.com/id/1037640	vdb-entry
	https://www.tenable.com/security/tns-2016-21
	https://kc.mcafee.com/corporate/index?page=content&id=SB10171
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://access.redhat.com/errata/RHSA-2017:2493	vendor-advisory
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Oct/62	mailing-list
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Dec/47	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "93150",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93150"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:2802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "name": "1036878",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036878"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "1037640",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2016:2788",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2769",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "93150",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93150"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:2802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "name": "1036878",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036878"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "1037640",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1037640"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2016:2788",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2769",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6304",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6308

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.securityfocus.com/bid/93151	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.securitytracker.com/id/1036885	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:19.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "93151",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93151"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "93151",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93151"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6308",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:19.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6307

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.securitytracker.com/id/1036885	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://www.securityfocus.com/bid/93152	vdb-entry
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "name": "1036885",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036885"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "93152",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93152"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "name": "1036885",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036885"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "93152",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93152"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6307",
    "datePublished": "2016-09-26T00:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:18.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2177

Vulnerability from cvelistv5

Published

2016-06-20 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

References

▼	URL	Tags
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.securitytracker.com/id/1036088	vdb-entry
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
	http://www.splunk.com/view/SP-CAAAPSV
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://www.tenable.com/security/tns-2016-16
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7
	https://www.tenable.com/security/tns-2016-21
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
	https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	https://bto.bluecoat.com/security-advisory/sa132
	https://bugzilla.redhat.com/show_bug.cgi?id=1341705
	https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
	http://www.securityfocus.com/bid/91319	vdb-entry
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us
	https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
	https://kc.mcafee.com/corporate/index?page=content&id=SB10165
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	http://www.openwall.com/lists/oss-security/2016/06/08/9	mailing-list
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://www.securityfocus.com/archive/1/540957/100/0/threaded	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://www.ubuntu.com/usn/USN-3181-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
	https://support.f5.com/csp/article/K23873366
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "1036088",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
          },
          {
            "name": "91319",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3181-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3181-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K23873366"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "1036088",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036088"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "name": "91319",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91319"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3181-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3181-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "https://support.f5.com/csp/article/K23873366"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2177",
    "datePublished": "2016-06-20T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature