Lucene search

[email protected]NVD:CVE-2016-2181

HistorySep 16, 2016 - 5:59 a.m.

CVE-2016-2181

2016-09-1605:59:01

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.59

Percentile

97.8%

JSON

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Affected configurations

Nvd

Node

opensslopensslMatch1.0.1

opensslopensslMatch1.0.1a

opensslopensslMatch1.0.1b

opensslopensslMatch1.0.1c

opensslopensslMatch1.0.1d

opensslopensslMatch1.0.1e

opensslopensslMatch1.0.1f

opensslopensslMatch1.0.1g

opensslopensslMatch1.0.1h

opensslopensslMatch1.0.1i

opensslopensslMatch1.0.1j

opensslopensslMatch1.0.1k

opensslopensslMatch1.0.1l

opensslopensslMatch1.0.1m

opensslopensslMatch1.0.1n

opensslopensslMatch1.0.1o

opensslopensslMatch1.0.1p

opensslopensslMatch1.0.1q

opensslopensslMatch1.0.1r

opensslopensslMatch1.0.1s

opensslopensslMatch1.0.1t

opensslopensslMatch1.0.2

opensslopensslMatch1.0.2a

opensslopensslMatch1.0.2b

opensslopensslMatch1.0.2c

opensslopensslMatch1.0.2d

opensslopensslMatch1.0.2e

opensslopensslMatch1.0.2f

opensslopensslMatch1.0.2g

opensslopensslMatch1.0.2h

Node

oraclelinuxMatch6

oraclelinuxMatch7

VendorProductVersionCPE
opensslopenssl1.0.1cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
opensslopenssl1.0.1acpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
opensslopenssl1.0.1bcpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
opensslopenssl1.0.1ccpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
opensslopenssl1.0.1dcpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
opensslopenssl1.0.1ecpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
opensslopenssl1.0.1fcpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
opensslopenssl1.0.1gcpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
opensslopenssl1.0.1hcpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
opensslopenssl1.0.1icpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	1.0.1	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
openssl	openssl	1.0.1a	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
openssl	openssl	1.0.1b	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
openssl	openssl	1.0.1c	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
openssl	openssl	1.0.1d	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
openssl	openssl	1.0.1e	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
openssl	openssl	1.0.1f	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
openssl	openssl	1.0.1g	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
openssl	openssl	1.0.1h	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
openssl	openssl	1.0.1i	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*

Rows per page:

1-10 of 321

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

rhn.redhat.com/errata/RHSA-2016-1940.html

seclists.org/fulldisclosure/2017/Jul/31

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/92982

www.securitytracker.com/id/1036690

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

bto.bluecoat.com/security-advisory/sa132

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10215

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

support.f5.com/csp/article/K59298921

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.59

Percentile

97.8%

JSON

CVE-2016-2181

Affected configurations

References

Related