csaf_suse - suse-su-2017:0605-1

suse-su-2017:0605-1

Vulnerability from csaf_suse

Published

2017-03-03 16:46

Modified

2017-03-03 16:46

Summary

Security update for compat-openssl098

Notes

Title of the patch

Security update for compat-openssl098

Description of the patch

This update for compat-openssl098 fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334) - CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878) - degrade 3DES to MEDIUM in SSL2 (bsc#1001912) - CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499) Bugs fixed: - fix crash in openssl speed (bsc#1000677) - don't attempt session resumption if no ticket is present and session ID length is zero (bsc#984663)

Patchnames

SUSE-SLE-DESKTOP-12-SP1-2017-319,SUSE-SLE-DESKTOP-12-SP2-2017-319,SUSE-SLE-Module-Legacy-12-2017-319,SUSE-SLE-SAP-12-SP1-2017-319,SUSE-SLE-SAP-12-SP2-2017-319

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for compat-openssl098",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for compat-openssl098 fixes the following issues contained in the\nOpenSSL Security Advisory [26 Jan 2017] (bsc#1021641)\n\nSecurity issues fixed:\n- CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed (bsc#1019334)\n- CVE-2016-8610: A remote denial of service in SSL alert handling was fixed (bsc#1005878)\n- degrade 3DES to MEDIUM in SSL2 (bsc#1001912)\n- CVE-2016-2108: Added a missing commit for CVE-2016-2108, fixing the negative zero handling in the ASN.1 decoder (bsc#1004499)\n\nBugs fixed:\n- fix crash in openssl speed (bsc#1000677)\n- don\u0027t attempt session resumption if no ticket is present and session\n  ID length is zero (bsc#984663)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2017-319,SUSE-SLE-DESKTOP-12-SP2-2017-319,SUSE-SLE-Module-Legacy-12-2017-319,SUSE-SLE-SAP-12-SP1-2017-319,SUSE-SLE-SAP-12-SP2-2017-319",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0605-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:0605-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170605-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:0605-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-March/002678.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1000677",
        "url": "https://bugzilla.suse.com/1000677"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1001912",
        "url": "https://bugzilla.suse.com/1001912"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1004499",
        "url": "https://bugzilla.suse.com/1004499"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1005878",
        "url": "https://bugzilla.suse.com/1005878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1019334",
        "url": "https://bugzilla.suse.com/1019334"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021641",
        "url": "https://bugzilla.suse.com/1021641"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984663",
        "url": "https://bugzilla.suse.com/984663"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2108 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2108/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7056 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7056/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8610 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8610/"
      }
    ],
    "title": "Security update for compat-openssl098",
    "tracking": {
      "current_release_date": "2017-03-03T16:46:55Z",
      "generator": {
        "date": "2017-03-03T16:46:55Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:0605-1",
      "initial_release_date": "2017-03-03T16:46:55Z",
      "revision_history": [
        {
          "date": "2017-03-03T16:46:55Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-105.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-105.1.s390x",
                  "product_id": "libopenssl0_9_8-0.9.8j-105.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-105.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
                  "product_id": "libopenssl0_9_8-0.9.8j-105.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Legacy 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_id": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-legacy:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-105.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-105.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-2108",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2108"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2108",
          "url": "https://www.suse.com/security/cve/CVE-2016-2108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1001502 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1001502"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1004499 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1004499"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/1148697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977584 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/977584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 977617 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/977617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 978492 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/978492"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989345 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/989345"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 996067 for CVE-2016-2108",
          "url": "https://bugzilla.suse.com/996067"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-03T16:46:55Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-2108"
    },
    {
      "cve": "CVE-2016-7056",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7056"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7056",
          "url": "https://www.suse.com/security/cve/CVE-2016-7056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019334 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1019334"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-03T16:46:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7056"
    },
    {
      "cve": "CVE-2016-8610",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8610"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8610",
          "url": "https://www.suse.com/security/cve/CVE-2016-8610"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005879 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1005879"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110018 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1110018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120592 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1120592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1148697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 982575 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/982575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP2:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-105.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-105.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-03-03T16:46:55Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8610"
    }
  ]
}

CVE-2016-8610 (GCVE-0-2016-8610)

Vulnerability from cvelistv5

Published

2017-11-13 22:00

Modified

2024-08-06 02:27

Severity ?

CWE

CWE-400

Summary

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

References

►

URL

Tags

	http://www.securityfocus.com/bid/93841	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0286.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2494	vendor-advisory, x_refsource_REDHAT
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc	vendor-advisory, x_refsource_FREEBSD
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory, x_refsource_REDHAT
	http://seclists.org/oss-sec/2016/q4/224	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2017-0574.html	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-3773	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1037084	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2493	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20171130-0001/	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401	x_refsource_CONFIRM
	https://security.360.cn/cve/CVE-2016-8610/	x_refsource_MISC
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us	x_refsource_CONFIRM
	https://security.paloaltonetworks.com/CVE-2016-8610	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: All 0.9.8 Version: All 1.0.1 Version: 1.0.2 through 1.0.2h Version: 1.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:40.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93841",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93841"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "name": "RHSA-2017:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "FreeBSD-SA-16:35",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2016/q4/224"
          },
          {
            "name": "RHSA-2017:0574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "name": "1037084",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037084"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.360.cn/cve/CVE-2016-8610/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "All 0.9.8"
            },
            {
              "status": "affected",
              "version": "All 1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2 through 1.0.2h"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2016-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "93841",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93841"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "name": "RHSA-2017:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "FreeBSD-SA-16:35",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2016/q4/224"
        },
        {
          "name": "RHSA-2017:0574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3773"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "name": "1037084",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037084"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.360.cn/cve/CVE-2016-8610/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8610",
    "datePublished": "2017-11-13T22:00:00Z",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:40.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2108 (GCVE-0-2016-2108)

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

References

►

URL

Tags

	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://support.citrix.com/article/CTX212736
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
	http://source.android.com/security/bulletin/2016-07-01.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
	https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://www.securityfocus.com/bid/89752	vdb-entry
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2016:1137	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "name": "RHSA-2016:2056",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
          },
          {
            "name": "openSUSE-SU-2016:1238",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2016:1242",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:1267",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
          },
          {
            "name": "RHSA-2016:2073",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "name": "DSA-3566",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "openSUSE-SU-2016:1243",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "SUSE-SU-2016:1228",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX212736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
          },
          {
            "name": "openSUSE-SU-2016:1239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1206",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
          },
          {
            "name": "FEDORA-2016-1e39d934ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "name": "SUSE-SU-2016:1231",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "FEDORA-2016-1411324654",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
          },
          {
            "name": "openSUSE-SU-2016:1240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
          },
          {
            "name": "openSUSE-SU-2016:1241",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "SUSE-SU-2016:1360",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "name": "SUSE-SU-2016:1233",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "name": "openSUSE-SU-2016:1237",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "name": "RHSA-2016:0996",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1290",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:1273",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-2959-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2959-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "RHSA-2016:0722",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "name": "89752",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89752"
          },
          {
            "name": "FEDORA-2016-05c567df1a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
          },
          {
            "name": "RHSA-2016:1137",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "name": "RHSA-2016:2056",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
        },
        {
          "name": "openSUSE-SU-2016:1238",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2016:1242",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:1267",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
        },
        {
          "name": "RHSA-2016:2073",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "name": "DSA-3566",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3566"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "openSUSE-SU-2016:1243",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "SUSE-SU-2016:1228",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "url": "http://support.citrix.com/article/CTX212736"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
        },
        {
          "name": "openSUSE-SU-2016:1239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1206",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
        },
        {
          "name": "FEDORA-2016-1e39d934ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "name": "SUSE-SU-2016:1231",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "FEDORA-2016-1411324654",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
        },
        {
          "name": "openSUSE-SU-2016:1240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
        },
        {
          "name": "openSUSE-SU-2016:1241",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "name": "SUSE-SU-2016:1360",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "name": "SUSE-SU-2016:1233",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "name": "openSUSE-SU-2016:1237",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "name": "RHSA-2016:0996",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
        },
        {
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1290",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:1273",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-2959-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2959-1"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "RHSA-2016:0722",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "name": "89752",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89752"
        },
        {
          "name": "FEDORA-2016-05c567df1a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
        },
        {
          "name": "RHSA-2016:1137",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1137"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2108",
    "datePublished": "2016-05-05T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.714Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7056 (GCVE-0-2016-7056)

Vulnerability from cvelistv5

Published

2018-09-10 16:00

Modified

2024-08-06 01:50

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-385

Summary

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

References

►

URL

Tags

	https://eprint.iacr.org/2016/1195	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory, x_refsource_REDHAT
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory, x_refsource_REDHAT
	https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037575	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory, x_refsource_REDHAT
	https://seclists.org/oss-sec/2017/q1/52	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2017/dsa-3773	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056	x_refsource_CONFIRM
	https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95375	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory, x_refsource_REDHAT
	https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2016-7056	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	The OpenSSL Project	openssl	Version: openssl 1.0.1u

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:46.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2016/1195"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig"
          },
          {
            "name": "1037575",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037575"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2017/q1/52"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html"
          },
          {
            "name": "95375",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95375"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-7056"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openssl",
          "vendor": "The OpenSSL Project",
          "versions": [
            {
              "status": "affected",
              "version": "openssl 1.0.1u"
            }
          ]
        }
      ],
      "datePublic": "2017-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2016/1195"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig"
        },
        {
          "name": "1037575",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037575"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "name": "[oss-security] 20170110 CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://seclists.org/oss-sec/2017/q1/52"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3773"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html"
        },
        {
          "name": "95375",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95375"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-7056"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-7056",
    "datePublished": "2018-09-10T16:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:46.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2017:0605-1

Vulnerability from csaf_suse

CVE-2016-8610 (GCVE-0-2016-8610)

Vulnerability from cvelistv5

CVE-2016-2108 (GCVE-0-2016-2108)

Vulnerability from cvelistv5

CVE-2016-7056 (GCVE-0-2016-7056)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature