Lucene search

RedhatCVE-2016-2180

HistoryAug 01, 2016 - 2:59 a.m.

CVE-2016-2180

2016-08-0102:59:11

CWE-125

redhat

web.nvd.nist.gov

160

cve

2016

2180

nvd

openssl

denial of service

out-of-bounds read

application crash

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.206

Percentile

96.4%

JSON

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the “openssl ts” command.

Affected configurations

Nvd

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.1n

opensslopensslMatch1.0.1o

opensslopensslMatch1.0.1p

opensslopensslMatch1.0.1q

opensslopensslMatch1.0.1r

opensslopensslMatch1.0.1s

opensslopensslMatch1.0.1t

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

opensslopensslMatch1.0.2c

opensslopensslMatch1.0.2d

opensslopensslMatch1.0.2e

opensslopensslMatch1.0.2f

opensslopensslMatch1.0.2g

opensslopensslMatch1.0.2h

Node

oraclelinuxMatch6

oraclelinuxMatch7

VendorProductVersionCPE
opensslopenssl1.0.1cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
opensslopenssl1.0.1acpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
opensslopenssl1.0.1bcpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
opensslopenssl1.0.1ccpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
opensslopenssl1.0.1dcpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
opensslopenssl1.0.1ecpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
opensslopenssl1.0.1fcpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
opensslopenssl1.0.1gcpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
opensslopenssl1.0.1hcpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
opensslopenssl1.0.1icpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	1.0.1	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
openssl	openssl	1.0.1a	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
openssl	openssl	1.0.1b	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
openssl	openssl	1.0.1c	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
openssl	openssl	1.0.1d	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
openssl	openssl	1.0.1e	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
openssl	openssl	1.0.1f	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
openssl	openssl	1.0.1g	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
openssl	openssl	1.0.1h	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
openssl	openssl	1.0.1i	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*