csaf_suse - suse-su-2016:1267-1

suse-su-2016:1267-1

Vulnerability from csaf_suse

Published

2016-05-09 06:50

Modified

2016-05-09 06:50

Summary

Security update for compat-openssl098

Notes

Title of the patch

Security update for compat-openssl098

Description of the patch

This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation 'CacheBleed' (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse The following non-security bugs were fixed: - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)

Patchnames

SUSE-SLE-DESKTOP-12-2016-735,SUSE-SLE-DESKTOP-12-SP1-2016-735,SUSE-SLE-Module-Legacy-12-2016-735,SUSE-SLE-SAP-12-SP1-2016-735

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for compat-openssl098",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for compat-openssl098 fixes the following issues:\n\n- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n- CVE-2016-0702: Side channel attack on modular exponentiation \u0027CacheBleed\u0027 (bsc#968050)\n- bsc#976943: Buffer overrun in ASN1_parse\n\nThe following non-security bugs were fixed:\n\n- bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-2016-735,SUSE-SLE-DESKTOP-12-SP1-2016-735,SUSE-SLE-Module-Legacy-12-2016-735,SUSE-SLE-SAP-12-SP1-2016-735",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1267-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:1267-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161267-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:1267-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002050.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 889013",
        "url": "https://bugzilla.suse.com/889013"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 968050",
        "url": "https://bugzilla.suse.com/968050"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 976942",
        "url": "https://bugzilla.suse.com/976942"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 976943",
        "url": "https://bugzilla.suse.com/976943"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 977614",
        "url": "https://bugzilla.suse.com/977614"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 977615",
        "url": "https://bugzilla.suse.com/977615"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 977617",
        "url": "https://bugzilla.suse.com/977617"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0702 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2105 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2105/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2106 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2106/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2108 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2108/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2109 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2109/"
      }
    ],
    "title": "Security update for compat-openssl098",
    "tracking": {
      "current_release_date": "2016-05-09T06:50:20Z",
      "generator": {
        "date": "2016-05-09T06:50:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:1267-1",
      "initial_release_date": "2016-05-09T06:50:20Z",
      "revision_history": [
        {
          "date": "2016-05-09T06:50:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-97.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-97.1.s390x",
                  "product_id": "libopenssl0_9_8-0.9.8j-97.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-97.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
                  "product_id": "libopenssl0_9_8-0.9.8j-97.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12",
                  "product_id": "SUSE Linux Enterprise Desktop 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Legacy 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_id": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-legacy:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-97.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-97.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-97.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-97.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-0702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0702",
          "url": "https://www.suse.com/security/cve/CVE-2016-0702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007806 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/1007806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968050 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/968050"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971238 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/971238"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/990370"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-05-09T06:50:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0702"
    },
    {
      "cve": "CVE-2016-2105",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2105"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2105",
          "url": "https://www.suse.com/security/cve/CVE-2016-2105"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977584 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/977584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977614 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/977614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 978492 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/978492"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989902 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/989902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990369 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/990369"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2016-2105",
          "url": "https://bugzilla.suse.com/990370"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-05-09T06:50:20Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2105"
    },
    {
      "cve": "CVE-2016-2106",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2106"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2106",
          "url": "https://www.suse.com/security/cve/CVE-2016-2106"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977584 for CVE-2016-2106",
          "url": "https://bugzilla.suse.com/977584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977615 for CVE-2016-2106",
          "url": "https://bugzilla.suse.com/977615"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 978492 for CVE-2016-2106",
          "url": "https://bugzilla.suse.com/978492"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979279 for CVE-2016-2106",
          "url": "https://bugzilla.suse.com/979279"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990369 for CVE-2016-2106",
          "url": "https://bugzilla.suse.com/990369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-05-09T06:50:20Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-2106"
    },
    {
      "cve": "CVE-2016-2108",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2108"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2108",
          "url": "https://www.suse.com/security/cve/CVE-2016-2108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001502 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1001502"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1004499 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1004499"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1148697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977584 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/977584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977617 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/977617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 978492 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/978492"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989345 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/989345"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996067 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/996067"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-05-09T06:50:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-2108"
    },
    {
      "cve": "CVE-2016-2109",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2109"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2109",
          "url": "https://www.suse.com/security/cve/CVE-2016-2109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015243 for CVE-2016-2109",
          "url": "https://bugzilla.suse.com/1015243"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 976942 for CVE-2016-2109",
          "url": "https://bugzilla.suse.com/976942"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977584 for CVE-2016-2109",
          "url": "https://bugzilla.suse.com/977584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 978492 for CVE-2016-2109",
          "url": "https://bugzilla.suse.com/978492"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990369 for CVE-2016-2109",
          "url": "https://bugzilla.suse.com/990369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-97.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-97.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-05-09T06:50:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-2109"
    }
  ]
}

CVE-2016-2109 (GCVE-0-2016-2109)

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

References

►

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://source.android.com/security/bulletin/2017-07-01
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://www.securityfocus.com/bid/87940	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-07-01"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "87940",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/87940"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/2017-07-01"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "87940",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/87940"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2109",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2105 (GCVE-0-2016-2105)

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

References

►

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.securityfocus.com/bid/89757	vdb-entry
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	https://source.android.com/security/bulletin/pixel/2017-11-01
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "89757",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "89757",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89757"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2105",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2106 (GCVE-0-2016-2106)

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

References

►

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	https://source.android.com/security/bulletin/pixel/2017-11-01
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	http://www.securityfocus.com/bid/89744	vdb-entry
	https://www.tenable.com/security/tns-2016-18
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "RHSA-2016:1648",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "89744",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89744"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "RHSA-2016:1649",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1650",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "name": "FreeBSD-SA-16:17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "RHSA-2016:1648",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "name": "89744",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89744"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "RHSA-2016:1649",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1650",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "name": "FreeBSD-SA-16:17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2106",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2108 (GCVE-0-2016-2108)

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

References

►

URL

Tags

	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://support.citrix.com/article/CTX212736
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
	http://source.android.com/security/bulletin/2016-07-01.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
	https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://www.securityfocus.com/bid/89752	vdb-entry
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2016:1137	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX212736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "89752",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89752"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "name": "RHSA-2016:1137",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "url": "http://support.citrix.com/article/CTX212736"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "89752",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89752"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "name": "RHSA-2016:1137",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1137"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2108",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0702 (GCVE-0-2016-0702)

Vulnerability from cvelistv5

Published

2016-03-03 00:00

Modified

2024-08-05 22:30

Severity ?

CWE

Summary

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=145889460330120&w=2	vendor-advisory
	http://www.ubuntu.com/usn/USN-2914-1	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://openssl.org/news/secadv/20160301.txt
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html	vendor-advisory
	http://www.debian.org/security/2016/dsa-3500	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html	vendor-advisory
	https://www.openssl.org/news/secadv/20160301.txt
	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	https://security.gentoo.org/glsa/201603-15	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html	vendor-advisory
	http://www.securitytracker.com/id/1035133	vdb-entry
	http://cachebleed.info
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2016-2802690366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "FEDORA-2016-e6807b3394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
          },
          {
            "name": "openSUSE-SU-2016:0638",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
          },
          {
            "name": "FreeBSD-SA-16:12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:0621",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
          },
          {
            "name": "HPSBGN03563",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
          },
          {
            "name": "USN-2914-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2914-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:1057",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
          },
          {
            "name": "openSUSE-SU-2016:1566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssl.org/news/secadv/20160301.txt"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
          },
          {
            "name": "openSUSE-SU-2016:0720",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "SUSE-SU-2016:0624",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
          },
          {
            "name": "DSA-3500",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
          },
          {
            "name": "SUSE-SU-2016:0631",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160301.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:0617",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "GLSA-201603-15",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-15"
          },
          {
            "name": "openSUSE-SU-2016:0628",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
          },
          {
            "name": "1035133",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://cachebleed.info"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
          },
          {
            "name": "SUSE-SU-2016:0620",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:0637",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2016:0627",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
          },
          {
            "name": "SUSE-SU-2016:0641",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2016-2802690366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "FEDORA-2016-e6807b3394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html"
        },
        {
          "name": "openSUSE-SU-2016:0638",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
        },
        {
          "name": "FreeBSD-SA-16:12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:0621",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html"
        },
        {
          "name": "HPSBGN03563",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145889460330120\u0026w=2"
        },
        {
          "name": "USN-2914-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2914-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:1057",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html"
        },
        {
          "name": "openSUSE-SU-2016:1566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "url": "http://openssl.org/news/secadv/20160301.txt"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "name": "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
        },
        {
          "name": "openSUSE-SU-2016:0720",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "SUSE-SU-2016:0624",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html"
        },
        {
          "name": "DSA-3500",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3500"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03741en_us"
        },
        {
          "name": "SUSE-SU-2016:0631",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160301.txt"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:0617",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "GLSA-201603-15",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201603-15"
        },
        {
          "name": "openSUSE-SU-2016:0628",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html"
        },
        {
          "name": "1035133",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035133"
        },
        {
          "url": "http://cachebleed.info"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1"
        },
        {
          "name": "SUSE-SU-2016:0620",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:0637",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2016:0627",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html"
        },
        {
          "name": "SUSE-SU-2016:0641",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0702",
    "datePublished": "2016-03-03T00:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2016:1267-1

Vulnerability from csaf_suse

CVE-2016-2109 (GCVE-0-2016-2109)

Vulnerability from cvelistv5

CVE-2016-2105 (GCVE-0-2016-2105)

Vulnerability from cvelistv5

CVE-2016-2106 (GCVE-0-2016-2106)

Vulnerability from cvelistv5

CVE-2016-2108 (GCVE-0-2016-2108)

Vulnerability from cvelistv5

CVE-2016-0702 (GCVE-0-2016-0702)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature