Lucene search

RedhatCVE-2016-2108

HistoryMay 05, 2016 - 1:59 a.m.

CVE-2016-2108

2016-05-0501:59:04

CWE-119

redhat

web.nvd.nist.gov

433

cve-2016-2108

openssl

remote code execution

denial of service

buffer underflow

memory corruption

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.895

Percentile

98.8%

JSON

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the “negative zero” issue.

Affected configurations

Nvd

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_hpc_nodeMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

opensslopensslRange≤1.0.1n

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2beta1

opensslopensslMatch1.0.2beta2

opensslopensslMatch1.0.2beta3

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.2

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_workstationMatch7.0

Node

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

googleandroidMatch4.3.1

googleandroidMatch4.4

googleandroidMatch4.4.1

googleandroidMatch4.4.2

googleandroidMatch4.4.3

googleandroidMatch5.0

googleandroidMatch5.0.1

googleandroidMatch5.1

googleandroidMatch5.1.0

googleandroidMatch6.0

googleandroidMatch6.0.1

VendorProductVersionCPE
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_hpc_node6.0cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation6.0cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
opensslopenssl1.0.2cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
opensslopenssl1.0.2cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
opensslopenssl1.0.2cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
opensslopenssl1.0.2cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
opensslopenssl1.0.2acpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_hpc_node	6.0	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::
openssl	openssl	1.0.2	cpe:2.3:a:openssl:openssl:1.0.2:::::::*
openssl	openssl	1.0.2	cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
openssl	openssl	1.0.2	cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
openssl	openssl	1.0.2	cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
openssl	openssl	1.0.2a	cpe:2.3:a:openssl:openssl:1.0.2a:::::::*

Rows per page:

1-10 of 401

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html

packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

rhn.redhat.com/errata/RHSA-2016-0722.html

rhn.redhat.com/errata/RHSA-2016-0996.html

rhn.redhat.com/errata/RHSA-2016-2056.html

rhn.redhat.com/errata/RHSA-2016-2073.html

rhn.redhat.com/errata/RHSA-2016-2957.html

source.android.com/security/bulletin/2016-07-01.html

support.citrix.com/article/CTX212736

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

www.debian.org/security/2016/dsa-3566

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/89752

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1035721

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

www.ubuntu.com/usn/USN-2959-1

access.redhat.com/errata/RHSA-2016:1137

access.redhat.com/errata/RHSA-2017:0193

access.redhat.com/errata/RHSA-2017:0194

bto.bluecoat.com/security-advisory/sa123

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr

security.gentoo.org/glsa/201612-16

security.netapp.com/advisory/ntap-20160504-0001/

support.apple.com/HT206903

www.openssl.org/news/secadv/20160503.txt

www.tenable.com/security/tns-2016-18

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.895

Percentile

98.8%

JSON

CVE-2016-2108

Affected configurations

References

Social References

Related