CVE-2016-2106

Published on: 05/04/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of OpenSSL (from the OpenSSL project) contain the following vulnerability:

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

  • CVE-2016-2106 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
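The integer overflow sits in the partial-block bookkeeping of EVP_EncryptUpdate(): leftover bytes from a previous call wait in a small fixed buffer inside the cipher context, and the next call must decide whether the new input still fits there. The OpenSSL advisory linked below (secadv 20160503) rated the issue Low because no internal caller feeds a huge length after a partial block; it matters for application code that calls EVP_EncryptUpdate()/EVP_CipherUpdate() directly with attacker-controlled lengths. The following is an added example written for this page, not OpenSSL's code: it models that check with two predicates, one written as a sum that can wrap and one rearranged so it cannot, and reports how many bytes a memcpy() guarded by each would write into the 32-byte context buffer. The function and variable names, the 16-byte block size and the INT_MAX input are this example's own assumptions; the exact expressions in evp_enc.c should be read from the linked fix commit.

```c
/*
 * Added example for this page (not OpenSSL's code). It models the
 * partial-block bookkeeping that EVP_EncryptUpdate() performs in
 * crypto/evp/evp_enc.c: bytes left over from a previous call sit in a
 * small fixed buffer inside the cipher context, and the next call must
 * decide whether the new input still fits in that buffer. The names
 * ctx_buf_len, block_size, input_len and both predicates are this
 * example's own; compare against the linked fix commit for the real code.
 */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CTX_BUF_SIZE 32   /* scratch buffer inside the (heap-allocated) ctx */

/*
 * Two's-complement wraparound, made explicit: signed overflow is undefined
 * behaviour in C, so an optimiser may fold the unsafe comparison away
 * entirely. Modelling the wrap by hand keeps the demonstration deterministic.
 */
static int wrapping_add(int a, int b)
{
    return (int)((unsigned int)a + (unsigned int)b);
}

/* "Does the new input still fit in the partial block?", written as
 * (buffered + new) < block_size. With a huge input_len the sum wraps
 * negative, the test passes, and the caller would memcpy() input_len
 * bytes into the 32-byte buffer in the ctx: heap corruption. */
static bool fits_in_partial_block_unsafe(int ctx_buf_len, int block_size, int input_len)
{
    return wrapping_add(ctx_buf_len, input_len) < block_size;
}

/* Same question rearranged so the arithmetic only touches two small
 * operands: (block_size - buffered) > new. Nothing can overflow here. */
static bool fits_in_partial_block_safe(int ctx_buf_len, int block_size, int input_len)
{
    return block_size - ctx_buf_len > input_len;
}

/* Bytes memcpy() would write into the ctx buffer if the predicate passes,
 * or 0 if the code would take the "complete and flush the block" path. */
static long bytes_copied_into_ctx_buf(bool (*fits)(int, int, int),
                                      int ctx_buf_len, int block_size, int input_len)
{
    return fits(ctx_buf_len, block_size, input_len) ? (long)input_len : 0L;
}

int main(void)
{
    const int bl = 16;  /* block size assumed for the example (AES) */
    const int i = 1;    /* one byte left over from the previous Update call */

    /* Normal case: a few more bytes, both checks agree. */
    printf("small input : unsafe=%d safe=%d\n",
           fits_in_partial_block_unsafe(i, bl, 3),
           fits_in_partial_block_safe(i, bl, 3));

    /* Attacker-sized input after a partial block: the checks diverge. */
    long unsafe_copy = bytes_copied_into_ctx_buf(fits_in_partial_block_unsafe, i, bl, INT_MAX);
    long safe_copy = bytes_copied_into_ctx_buf(fits_in_partial_block_safe, i, bl, INT_MAX);
    printf("INT_MAX input: unsafe check would memcpy %ld bytes into a %d-byte buffer; "
           "safe check copies %ld and flushes the block instead\n",
           unsafe_copy, CTX_BUF_SIZE, safe_copy);
    return 0;
}
```

The lesson generalises beyond this CVE: when a length check compares a running total against a bound, write it so the operand that the peer controls is compared on its own (bound minus consumed versus new) rather than added to state first.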

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

Tag | Description | Link
CONFIRM | Oracle Solaris Bulletin - April 2016 | www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
UBUNTU | USN-2959-1: OpenSSL vulnerabilities (www.ubuntu.com) | USN-2959-1
SUSE | SUSE-SU-2016:1231-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1231
SUSE | openSUSE-SU-2016:1238-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1238
CONFIRM | About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support | support.apple.com/HT206903
SUSE | openSUSE-SU-2016:1237-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1237
SUSE | openSUSE-SU-2016:1273-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1273
MISC | Slackware Security Advisory - openssl Updates (Packet Storm) | packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
CONFIRM | Oracle Critical Patch Update - July 2016 | www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
SUSE | SUSE-SU-2016:1360-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1360
APPLE | APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 (lists.apple.com) | APPLE-SA-2016-07-18-1
BID | Oracle July 2016 Critical Patch Update Multiple Vulnerabilities (cve.report archive) | BID 91787
FREEBSD | FreeBSD security advisory (www.freebsd.org) | FreeBSD-SA-16:17
SUSE | SUSE-SU-2016:1233-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1233
REDHAT | Red Hat Customer Portal | RHSA-2016:1648
CONFIRM | Document Display | HPE Support Center | h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
SUSE | SUSE-SU-2016:1206-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1206
CONFIRM | Broadcom Support Portal (bto.bluecoat.com) | bto.bluecoat.com/security-advisory/sa123
SUSE | openSUSE-SU-2016:1242-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1242
CONFIRM | Oracle Critical Patch Update - January 2018 | www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
CONFIRM | Oracle Linux Bulletin - July 2016 | www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
CONFIRM | Oracle Critical Patch Update - July 2018 | www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM | Document Display | HPE Support Center | h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
REDHAT | No Description Provided (rhn.redhat.com) | RHSA-2016:2056
CONFIRM | git.openssl.org Git - openssl.git/commit (upstream fix) | git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
CONFIRM | Oracle Critical Patch Update - October 2016 | www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
SUSE | SUSE-SU-2016:1290-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1290
SUSE | openSUSE-SU-2016:1240-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1240
BID | OpenSSL CVE-2016-2106 Integer Overflow Vulnerability (cve.report archive) | BID 89744
REDHAT | Red Hat Customer Portal | RHSA-2016:1650
CONFIRM | [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable | www.tenable.com/security/tns-2016-18
FEDORA | [SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22 (lists.fedoraproject.org) | FEDORA-2016-1e39d934ed
CONFIRM | Oracle Linux Bulletin - April 2016 | www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
SUSE | openSUSE-SU-2016:1241-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1241
CONFIRM | Document Display | HPE Support Center | h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
FEDORA | [SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23 (lists.fedoraproject.org) | FEDORA-2016-05c567df1a
CONFIRM | Oracle VM Server for x86 Bulletin - July 2016 | www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
GENTOO | OpenSSL: Multiple vulnerabilities (GLSA 201612-16) (security.gentoo.org) | GLSA-201612-16
SLACKWARE | The Slackware Linux Project: Slackware Security Advisories (www.slackware.com) | SSA:2016-124-01
SECTRACK | OpenSSL Multiple Bugs Let Remote Users Decrypt Data, Deny Service, Obtain Potentially Sensitive Information, and Potentially Execute Arbitrary Code - SecurityTracker | 1035721
SUSE | SUSE-SU-2016:1267-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1267
SUSE | openSUSE-SU-2016:1243-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1243
REDHAT | Red Hat Customer Portal | RHSA-2016:0722
REDHAT | Red Hat Customer Portal | RHSA-2016:0996
SUSE | SUSE-SU-2016:1228-1: important: Security update (lists.opensuse.org) | SUSE-SU-2016:1228
CONFIRM | Document Display | HPE Support Center | h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
CISCO | Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 (tools.cisco.com) | 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
REDHAT | Red Hat Customer Portal | RHSA-2016:2073
CONFIRM | Vendor Advisory (www.openssl.org) | www.openssl.org/news/secadv/20160503.txt
FEDORA | [SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24 (lists.fedoraproject.org) | FEDORA-2016-1411324654
CONFIRM | Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates | kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
CONFIRM | May 2016 OpenSSL Vulnerabilities in Multiple NetApp Products | NetApp Product Security | security.netapp.com/advisory/ntap-20160504-0001/
CONFIRM | McAfee Security Bulletin: McAfee product updates fix vulnerabilities in OpenSSL that can allow an attacker to decrypt the traffic, corrupt the heap, and cause a denial of service | kc.mcafee.com/corporate/index?page=content&id=SB10160
CONFIRM | Pixel / Nexus Security Bulletin - November 2017 | Android Open Source Project | source.android.com/security/bulletin/pixel/2017-11-01
CONFIRM | Public KB - SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory | kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
SUSE | openSUSE-SU-2016:1239-1: important: Security update (lists.opensuse.org) | openSUSE-SU-2016:1239
CONFIRM | Oracle Critical Patch Update - July 2017 | www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
REDHAT | Red Hat Customer Portal | RHSA-2016:2957
REDHAT | Red Hat Customer Portal | RHSA-2016:1649
DEBIAN | Debian -- Security Information -- DSA-3566-1 openssl (www.debian.org) | DSA-3566

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Openssl | Openssl | 1.0.2 | All | All | All
Application | Openssl | Openssl | 1.0.2 | beta1 | All | All
Application | Openssl | Openssl | 1.0.2 | beta2 | All | All
Application | Openssl | Openssl | 1.0.2 | beta3 | All | All
Application | Openssl | Openssl | 1.0.2a | All | All | All
Application | Openssl | Openssl | 1.0.2b | All | All | All
Application | Openssl | Openssl | 1.0.2c | All | All | All
Application | Openssl | Openssl | 1.0.2d | All | All | All
Application | Openssl | Openssl | 1.0.2e | All | All | All
Application | Openssl | Openssl | 1.0.2f | All | All | All
Application | Openssl | Openssl | 1.0.2g | All | All | All
Application | Openssl | Openssl | All | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Hpc Node | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Hpc Node | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Hpc Node Eus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All

Only the 1.0.2 line is enumerated release by release; the wildcard OpenSSL entry stands for the 1.0.1 line before 1.0.1t named in the description.

  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
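The affected ranges above (before 1.0.1t, and 1.0.2 before 1.0.2h) are awkward to test by eye because OpenSSL's scheme orders "1.0.2-beta3" before "1.0.2" and "1.0.2" before "1.0.2a". The following is an added example written for this page, not OpenSSL tooling: it parses a version string as printed by `openssl version` and evaluates it against exactly the two ranges the description names. The struct, function names and rank encoding for betas and patch letters are this example's own assumptions.

```c
/*
 * Added example for this page, not OpenSSL tooling: parse an OpenSSL
 * version string ("1.0.2g", "1.0.2-beta3", "OpenSSL 1.0.1t  3 May 2016")
 * and decide whether it falls in the ranges this CVE names: before 1.0.1t,
 * or 1.0.2 before 1.0.2h. Betas sort before the bare release and patch
 * letters after it, matching the CPE entries above. All names here are
 * this example's own.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct ossl_version {
    int major, minor, fix;
    int rank;   /* N-1000 for "-betaN", 0 for the bare release, 1..26 for patch letters a..z */
};

/* Returns true on success. Accepts an optional "OpenSSL " prefix and
 * ignores anything after the version (e.g. the build date). */
static bool parse_ossl_version(const char *s, struct ossl_version *v)
{
    const char *p = s;
    int n = 0;

    if (strncmp(p, "OpenSSL ", 8) == 0)
        p += 8;
    if (sscanf(p, "%d.%d.%d%n", &v->major, &v->minor, &v->fix, &n) != 3)
        return false;
    p += n;
    v->rank = 0;
    if (strncmp(p, "-beta", 5) == 0) {
        int beta = 0;
        if (sscanf(p + 5, "%d", &beta) != 1)
            return false;
        v->rank = beta - 1000;
    } else if (islower((unsigned char)*p)) {
        v->rank = *p - 'a' + 1;   /* single patch letter: 'a' -> 1 ... 'z' -> 26 */
    }
    return true;
}

static int cmp_ossl_version(const struct ossl_version *a, const struct ossl_version *b)
{
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->fix != b->fix)     return a->fix < b->fix ? -1 : 1;
    if (a->rank != b->rank)   return a->rank < b->rank ? -1 : 1;
    return 0;
}

/* 1 = affected per the description above, 0 = not affected,
 * -1 = the string could not be parsed. */
static int is_affected_by_cve_2016_2106(const char *version_string)
{
    struct ossl_version v, fix_101, fix_102, first_102;

    if (!parse_ossl_version(version_string, &v))
        return -1;
    parse_ossl_version("1.0.1t", &fix_101);
    parse_ossl_version("1.0.2h", &fix_102);
    parse_ossl_version("1.0.2-beta1", &first_102);   /* earliest 1.0.2 entry in the CPE list */

    if (cmp_ossl_version(&v, &first_102) < 0)
        return cmp_ossl_version(&v, &fix_101) < 0;    /* 1.0.1 line and anything older */
    return cmp_ossl_version(&v, &fix_102) < 0;        /* 1.0.2 line and anything newer */
}

int main(void)
{
    /* Constructed sample strings, in the shape `openssl version` prints. */
    const char *samples[] = {
        "OpenSSL 1.0.2g  1 Mar 2016", "OpenSSL 1.0.2h  3 May 2016",
        "OpenSSL 1.0.1s  1 Mar 2016", "OpenSSL 1.0.1t  3 May 2016",
        "1.0.2-beta3", "1.0.1u", "not a version",
    };
    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++)
        printf("%-30s -> %d\n", samples[k], is_affected_by_cve_2016_2106(samples[k]));
    return 0;
}
```

Treat a version-string verdict as a first pass only. Distributions backport the fix without bumping the upstream version: the Fedora 22 advisory listed above ships it as openssl-1.0.1k-15.fc22, which this check would flag as affected. On packaged systems, confirm against the vendor advisory or the package changelog instead (on Red Hat family systems, `rpm -q --changelog openssl | grep CVE-2016-2106`).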