CVE-2016-2176

Published on: 05/04/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Certain versions of OpenSSL from OpenSSL contain the following vulnerability:

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

  • CVE-2016-2176 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.2 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 6.4 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

Description [site, content type] - Tag: Link

  • Oracle Solaris Bulletin - April 2016 [www.oracle.com, text/html] - CONFIRM: www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  • About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support [support.apple.com, text/html] - CONFIRM: support.apple.com/HT206903
  • Slackware Security Advisory - openssl Updates ≈ Packet Storm [packetstormsecurity.com, text/html] - MISC: packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
  • Oracle Critical Patch Update - July 2016 [www.oracle.com, text/html] - CONFIRM: www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  • APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 [lists.apple.com, text/html] - APPLE: APPLE-SA-2016-07-18-1
  • Oracle July 2016 Critical Patch Update Multiple Vulnerabilities [cve.report (archive), text/html] - BID: 91787
  • Broadcom Support Portal [bto.bluecoat.com, text/html] - CONFIRM: bto.bluecoat.com/security-advisory/sa123
  • CPU July 2018 [www.oracle.com, text/html] - CONFIRM: www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  • Oracle Critical Patch Update - October 2016 [www.oracle.com, text/html] - CONFIRM: www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  • [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable™ [www.tenable.com, text/html] - CONFIRM: www.tenable.com/security/tns-2016-18
  • OpenSSL CVE-2016-2176 Information Disclosure Vulnerability [cve.report (archive), text/html] - BID: 89746
  • Document Display | HPE Support Center [h20566.www2.hpe.com, text/html] - CONFIRM: h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
  • OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security [security.gentoo.org, text/html] - GENTOO: GLSA-201612-16
  • The Slackware Linux Project: Slackware Security Advisories [www.slackware.com, text/html] - SLACKWARE: SSA:2016-124-01
  • OpenSSL Multiple Bugs Let Remote Users Decrypt Data, Deny Service, Obtain Potentially Sensitive Information, and Potentially Execute Arbitrary Code - SecurityTracker [www.securitytracker.com, text/html] - SECTRACK: 1035721
  • Document Display | HPE Support Center [h20566.www2.hpe.com, text/html] - CONFIRM: h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
  • Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 [tools.cisco.com, text/html] - CISCO: 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
  • Vendor Advisory [www.openssl.org, text/plain] - CONFIRM: www.openssl.org/news/secadv/20160503.txt
  • May 2016 OpenSSL Vulnerabilities in Multiple NetApp Products | NetApp Product Security [security.netapp.com, text/html] - CONFIRM: security.netapp.com/advisory/ntap-20160504-0001/
  • McAfee Security Bulletin: McAfee product updates fix vulnerabilities in OpenSSL that can allow an attacker to decrypt the traffic, corrupt the heap, and cause a denial of service [kc.mcafee.com, text/html] - CONFIRM: kc.mcafee.com/corporate/index?page=content&id=SB10160
  • Public KB - SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory [kb.pulsesecure.net, text/html] - CONFIRM: kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
  • git.openssl.org Git - openssl.git/commit [git.openssl.org, text/xml] - CONFIRM: git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561

Known Affected Configurations (CPE V2.3)

Type         Vendor   Product  Version  Update  Edition  Language
Application  Openssl  Openssl  1.0.2    All     All      All
Application  Openssl  Openssl  1.0.2    beta1   All      All
Application  Openssl  Openssl  1.0.2    beta2   All      All
Application  Openssl  Openssl  1.0.2    beta3   All      All
Application  Openssl  Openssl  1.0.2a   All     All      All
Application  Openssl  Openssl  1.0.2b   All     All      All
Application  Openssl  Openssl  1.0.2c   All     All      All
Application  Openssl  Openssl  1.0.2d   All     All      All
Application  Openssl  Openssl  1.0.2e   All     All      All
Application  Openssl  Openssl  1.0.2f   All     All      All
Application  Openssl  Openssl  1.0.2g   All     All      All
Application  Openssl  Openssl  All      All     All      All

  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*: