CVE-2016-2176
Published on: 05/04/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:14 PM UTC
Certain versions of OpenSSL from OpenSSL contain the following vulnerability:
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
- CVE-2016-2176 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.2 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | LOW | NONE | HIGH |
CVSS2 Score: 6.4 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
Oracle Solaris Bulletin - April 2016 | | www.oracle.com text/html |
About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support | | support.apple.com text/html |
Slackware Security Advisory - openssl Updates ≈ Packet Storm | | packetstormsecurity.com text/html |
Oracle Critical Patch Update - July 2016 | | www.oracle.com text/html |
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 | | lists.apple.com text/html |
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | | cve.report (archive) text/html |
Broadcom Support Portal | | bto.bluecoat.com text/html |
CPU July 2018 | | www.oracle.com text/html |
Oracle Critical Patch Update - October 2016 | | www.oracle.com text/html |
[R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory - Tenable™ | | www.tenable.com text/html |
OpenSSL CVE-2016-2176 Information Disclosure Vulnerability | | cve.report (archive) text/html |
Document Display - HPE Support Center | | h20566.www2.hpe.com text/html |
OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security | | security.gentoo.org text/html |
The Slackware Linux Project: Slackware Security Advisories | | www.slackware.com text/html |
OpenSSL Multiple Bugs Let Remote Users Decrypt Data, Deny Service, Obtain Potentially Sensitive Information, and Potentially Execute Arbitrary Code - SecurityTracker | | www.securitytracker.com text/html |
Document Display - HPE Support Center | | h20566.www2.hpe.com text/html |
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 | | tools.cisco.com text/html |
 | Vendor Advisory | www.openssl.org text/plain |
May 2016 OpenSSL Vulnerabilities in Multiple NetApp Products - NetApp Product Security | | security.netapp.com text/html |
McAfee Security Bulletin: McAfee product updates fix vulnerabilities in OpenSSL that can allow an attacker to decrypt the traffic, corrupt the heap, and cause a denial of service | | kc.mcafee.com text/html |
Public KB - SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory | | kb.pulsesecure.net text/html |
git.openssl.org Git - openssl.git/commit | | git.openssl.org text/xml |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Openssl | Openssl | 1.0.2 | All | All | All |
Application | Openssl | Openssl | 1.0.2 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta3 | All | All |
Application | Openssl | Openssl | 1.0.2a | All | All | All |
Application | Openssl | Openssl | 1.0.2b | All | All | All |
Application | Openssl | Openssl | 1.0.2c | All | All | All |
Application | Openssl | Openssl | 1.0.2d | All | All | All |
Application | Openssl | Openssl | 1.0.2e | All | All | All |
Application | Openssl | Openssl | 1.0.2f | All | All | All |
Application | Openssl | Openssl | 1.0.2g | All | All | All |
Application | Openssl | Openssl | All | All | All | All |
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE