Lucene search

[email protected]NVD:CVE-2016-2180

HistoryAug 01, 2016 - 2:59 a.m.

CVE-2016-2180

2016-08-0102:59:11

CWE-125

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.206

Percentile

96.4%

JSON

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the “openssl ts” command.

Affected configurations

Nvd

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.1n

opensslopensslMatch1.0.1o

opensslopensslMatch1.0.1p

opensslopensslMatch1.0.1q

opensslopensslMatch1.0.1r

opensslopensslMatch1.0.1s

opensslopensslMatch1.0.1t

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

opensslopensslMatch1.0.2c

opensslopensslMatch1.0.2d

opensslopensslMatch1.0.2e

opensslopensslMatch1.0.2f

opensslopensslMatch1.0.2g

opensslopensslMatch1.0.2h

Node

oraclelinuxMatch6

oraclelinuxMatch7

VendorProductVersionCPE
opensslopenssl1.0.1cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
opensslopenssl1.0.1acpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
opensslopenssl1.0.1bcpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
opensslopenssl1.0.1ccpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
opensslopenssl1.0.1dcpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
opensslopenssl1.0.1ecpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
opensslopenssl1.0.1fcpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
opensslopenssl1.0.1gcpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
opensslopenssl1.0.1hcpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
opensslopenssl1.0.1icpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	1.0.1	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
openssl	openssl	1.0.1a	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
openssl	openssl	1.0.1b	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
openssl	openssl	1.0.1c	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
openssl	openssl	1.0.1d	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
openssl	openssl	1.0.1e	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
openssl	openssl	1.0.1f	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
openssl	openssl	1.0.1g	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
openssl	openssl	1.0.1h	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
openssl	openssl	1.0.1i	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*