CVE-2016-2176

Published on: 05/04/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVE-2016-2176

Source: Mitre
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Certain versions of Openssl from Openssl contain the following vulnerability:

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

  • CVE-2016-2176 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.2 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED LOW NONE HIGH

CVSS2 Score: 6.4 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK LOW NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL NONE PARTIAL

CVE References

Description Tags Link
Oracle Solaris Bulletin - April 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support support.apple.com
text/html
 URL Logo CONFIRM support.apple.com/HT206903
Slackware Security Advisory - openssl Updates ≈ Packet Storm packetstormsecurity.com
text/html
 URL Logo MISC packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
Oracle Critical Patch Update - July 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 lists.apple.com
text/html
 URL Logo APPLE APPLE-SA-2016-07-18-1
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities cve.report (archive)
text/html
 URL Logo BID 91787
Broadcom Support Portal bto.bluecoat.com
text/html
 URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa123
CPU July 2018 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Oracle Critical Patch Update - October 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
[R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable™ www.tenable.com
text/html
 URL Logo CONFIRM www.tenable.com/security/tns-2016-18
OpenSSL CVE-2016-2176 Information Disclosure Vulnerability cve.report (archive)
text/html
 URL Logo BID 89746
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
 URL Logo CONFIRM h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security security.gentoo.org
text/html
 URL Logo GENTOO GLSA-201612-16
The Slackware Linux Project: Slackware Security Advisories www.slackware.com
text/html
 URL Logo SLACKWARE SSA:2016-124-01
OpenSSL Multiple Bugs Let Remote Users Decrypt Data, Deny Service, Obtain Potentially Sensitive Information, and Potentially Execute Arbitrary Code - SecurityTracker www.securitytracker.com
text/html
 URL Logo SECTRACK 1035721
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
 URL Logo CONFIRM h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 tools.cisco.com
text/html
 URL Logo CISCO 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
Vendor Advisory
www.openssl.org
text/plain
 CONFIRM www.openssl.org/news/secadv/20160503.txt
May 2016 OpenSSL Vulnerabilities in Multiple NetApp Products | NetApp Product Security security.netapp.com
text/html
 URL Logo CONFIRM security.netapp.com/advisory/ntap-20160504-0001/
McAfee Security Bulletin: McAfee product updates fix vulnerabilities in OpenSSL that can allow an attacker to decrypt the traffic, corrupt the heap, and cause a denial of service kc.mcafee.com
text/html
 URL Logo CONFIRM kc.mcafee.com/corporate/index?page=content&id=SB10160
Public KB - SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory kb.pulsesecure.net
text/html
 URL Logo CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
git.openssl.org Git - openssl.git/commit git.openssl.org
text/xml
 URL Logo CONFIRM git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2beta1AllAll
ApplicationOpensslOpenssl1.0.2beta2AllAll
ApplicationOpensslOpenssl1.0.2beta3AllAll
ApplicationOpensslOpenssl1.0.2aAllAllAll
ApplicationOpensslOpenssl1.0.2bAllAllAll
ApplicationOpensslOpenssl1.0.2cAllAllAll
ApplicationOpensslOpenssl1.0.2dAllAllAll
ApplicationOpensslOpenssl1.0.2eAllAllAll
ApplicationOpensslOpenssl1.0.2fAllAllAll
ApplicationOpensslOpenssl1.0.2gAllAllAll
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2beta1AllAll
ApplicationOpensslOpenssl1.0.2beta2AllAll
ApplicationOpensslOpenssl1.0.2beta3AllAll
ApplicationOpensslOpenssl1.0.2aAllAllAll
ApplicationOpensslOpenssl1.0.2bAllAllAll
ApplicationOpensslOpenssl1.0.2cAllAllAll
ApplicationOpensslOpenssl1.0.2dAllAllAll
ApplicationOpensslOpenssl1.0.2eAllAllAll
ApplicationOpensslOpenssl1.0.2fAllAllAll
ApplicationOpensslOpenssl1.0.2gAllAllAll
ApplicationOpensslOpensslAllAllAllAll
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*: