Lucene search
F5F5:K52349521HistoryApr 27, 2016 - 12:00 a.m.
K52349521 : OpenSSL vulnerability CVE-2016-2842
2016-04-2700:00:00
my.f5.com
79
Security Advisory Description
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. (CVE-2016-2842)
Impact
ARX, FirePass, and F5 WebSafe
There is no impact; these F5 products are not affected by this vulnerability.
BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and Traffix SDC
In default configurations, there is no impact. This vulnerability exposure is limited to:
- The OpenSSL utility
- BIG-IP custom monitors that call external scripts, when the external scripts are customized by the OpenSSL utility to parse ASN.1 data
Note: Standard BIG-IP monitors, such as HTTPS monitors, are not affected by this vulnerability.
Related
nvd
nvd
CVE-2016-2842
2016-03-03 20:59:04
CVE-2016-0799
2016-03-03 20:59:03
f5
f5
SOL52349521 - OpenSSL vulnerability CVE-2016-2842
2016-04-27 00:00:00
K22334603 : OpenSSL vulnerability CVE-2016-0799
2016-03-25 00:00:00
SOL22334603 - OpenSSL vulnerability CVE-2016-0799
2016-03-25 00:00:00
debiancve
debiancve
CVE-2016-2842
2016-03-03 20:59:04
CVE-2016-0799
2016-03-03 20:59:03
prion
prion
Out-of-bounds
2016-03-03 20:59:00
Out-of-bounds
2016-03-03 20:59:00
cve
cve
CVE-2016-0799
2016-03-03 20:59:03
CVE-2016-2842
2016-03-03 20:59:04
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K52349521)
2016-08-30 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K22334603)
2016-08-04 00:00:00
EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-2217)
2019-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2016-2842
2016-03-03 00:00:00
CVE-2016-0799
2016-03-01 00:00:00
cvelist
cvelist
CVE-2016-0799
2016-03-03 00:00:00
CVE-2016-2842
2016-03-03 20:00:00
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2017-01-26 03:40:33
Denial Of Service (DoS)
2017-01-24 03:10:38
Denial Of Service (DoS)
2019-01-15 09:11:28
aix
aix
Vulnerability in OpenSSL affects AIX
2016-04-18 10:40:50
Multiple vulnerabilities in OpenSSL affect AIX
2016-04-04 11:04:25
hackerone
hackerone
Internet Bug Bounty: CVE-2016-0799 memory issues in BIO_*printf functions
2016-02-25 23:17:09
openssl
openssl
Vulnerability in OpenSSL CVE-2016-0799
2016-03-01 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-2217)
2020-01-23 00:00:00
OpenSSL Multiple Vulnerabilities -01 (Mar 2016) - Windows
2016-03-03 00:00:00
OpenSSL Multiple Vulnerabilities -01 (Mar 2016) - Linux
2016-03-03 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-05-09 00:00:00
openssl security update
2016-05-13 00:00:00
openssl-fips security update
2016-06-15 00:00:00
redhat
redhat
(RHSA-2016:0722) Important: openssl security update
2016-05-09 04:44:04
(RHSA-2016:0996) Important: openssl security update
2016-05-10 07:00:21
(RHSA-2016:2073) Important: openssl security update
2016-10-18 06:21:20
archlinux
archlinux
openssl: multiple issues
2016-03-07 00:00:00
lib32-openssl: multiple issues
2016-03-07 00:00:00
centos
centos
openssl security update
2016-05-16 10:25:52
openssl security update
2016-05-09 08:40:50
amazon
amazon
Important: openssl
2016-03-10 16:30:00
osv
osv
openssl - security update
2016-03-01 00:00:00
ics
ics
Advantech Spectre RT Industrial Routers
2021-02-23 12:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-14.fc22
2016-03-13 09:57:52
[SECURITY] Fedora 23 Update: openssl-1.0.2g-2.fc23
2016-03-03 20:27:06
[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24
2016-05-16 17:21:44
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
2016-03-02 12:30:00
symantec
symantec
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
2016-03-07 08:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-03-01 00:00:00
cloudfoundry
cloudfoundry
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
suse
suse
Security update for openssl (important)
2016-03-02 12:11:42
Security update for openssl (important)
2016-03-03 15:11:31
Security update for openssl (important)
2016-03-11 14:14:22
mageia
mageia
Updated openssl packages fix security vulnerabilities
2016-03-02 21:28:46
slackware
slackware
[slackware-security] openssl
2016-03-03 06:56:40
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2g-alt1
2016-03-01 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2g-alt1
2016-03-01 00:00:00
debian
debian
[SECURITY] [DSA 3500-1] openssl security update
2016-03-01 14:34:35
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:12.openssl
2016-03-10 00:00:00
freebsd
freebsd
FreeBSD -- Multiple OpenSSL vulnerabilities
2016-03-10 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-03-20 00:00:00
arista
arista
Security Advisory 0018
2016-03-01 00:00:00
openwrt
openwrt
openssl: Security update (9 CVEs)
2016-03-01 16:52:09