CVE-2016-2179

Published on: 09/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Openssl from Openssl contain the following vulnerability:

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

  • CVE-2016-2179 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
Document Display | HPE Support Center support.hpe.com
text/html
URL Logo CONFIRM support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
/news/vulnerabilities.html Vendor Advisory
www.openssl.org
text/html
URL Logo MISC www.openssl.org/news/vulnerabilities.html#y2017
Oracle Critical Patch Update - January 2018 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - April 2018 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities | Splunk Third Party Advisory
www.splunk.com
text/html
URL Logo CONFIRM www.splunk.com/view/SP-CAAAPUE
Oracle Linux Bulletin - October 2016 Third Party Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Critical Patch Update - October 2016 Third Party Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
OpenSSL DTLS Fragment Processing Error Lets Remote Users Consume Excessive Memory Resources - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036689
Public KB - SA40312 - September 22 2016 OpenSSL Security Advisory Third Party Advisory
kb.pulsesecure.net
text/html
URL Logo CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1940
[R5] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory | Tenable Network Security Third Party Advisory
www.tenable.com
text/html
URL Logo CONFIRM www.tenable.com/security/tns-2016-16
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016 Third Party Advisory
bto.bluecoat.com
text/html
URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa132
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities | Splunk Third Party Advisory
www.splunk.com
text/html
URL Logo CONFIRM www.splunk.com/view/SP-CAAAPSV
git.openssl.org Git - openssl.git/commit Issue Tracking
Patch
Third Party Advisory
git.openssl.org
text/xml
URL Logo CONFIRM git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
Oracle VM Server for x86 Bulletin - October 2016 Third Party Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
[R2] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable Network Security www.tenable.com
text/html
URL Logo CONFIRM www.tenable.com/security/tns-2016-20
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates Third Party Advisory
kb.juniper.net
text/html
URL Logo CONFIRM kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware - United States Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21995039
Oracle Critical Patch Update - July 2017 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
[R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable Network Security www.tenable.com
text/html
URL Logo CONFIRM www.tenable.com/security/tns-2016-21
Oracle Critical Patch Update - October 2017 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
security.FreeBSD.org
text/plain
URL Logo FREEBSD FreeBSD-SA-16:26
OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities Third Party Advisory
cve.report (archive)
text/html
URL Logo BID 92987

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOpensslOpenssl1.0.1AllAllAll
ApplicationOpensslOpenssl1.0.1aAllAllAll
ApplicationOpensslOpenssl1.0.1bAllAllAll
ApplicationOpensslOpenssl1.0.1cAllAllAll
ApplicationOpensslOpenssl1.0.1dAllAllAll
ApplicationOpensslOpenssl1.0.1eAllAllAll
ApplicationOpensslOpenssl1.0.1fAllAllAll
ApplicationOpensslOpenssl1.0.1gAllAllAll
ApplicationOpensslOpenssl1.0.1hAllAllAll
ApplicationOpensslOpenssl1.0.1iAllAllAll
ApplicationOpensslOpenssl1.0.1jAllAllAll
ApplicationOpensslOpenssl1.0.1kAllAllAll
ApplicationOpensslOpenssl1.0.1lAllAllAll
ApplicationOpensslOpenssl1.0.1mAllAllAll
ApplicationOpensslOpenssl1.0.1nAllAllAll
ApplicationOpensslOpenssl1.0.1oAllAllAll
ApplicationOpensslOpenssl1.0.1pAllAllAll
ApplicationOpensslOpenssl1.0.1qAllAllAll
ApplicationOpensslOpenssl1.0.1rAllAllAll
ApplicationOpensslOpenssl1.0.1sAllAllAll
ApplicationOpensslOpenssl1.0.1tAllAllAll
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2aAllAllAll
ApplicationOpensslOpenssl1.0.2bAllAllAll
ApplicationOpensslOpenssl1.0.2cAllAllAll
ApplicationOpensslOpenssl1.0.2dAllAllAll
ApplicationOpensslOpenssl1.0.2eAllAllAll
ApplicationOpensslOpenssl1.0.2fAllAllAll
ApplicationOpensslOpenssl1.0.2gAllAllAll
ApplicationOpensslOpenssl1.0.2hAllAllAll
ApplicationOpensslOpenssl1.0.1AllAllAll
ApplicationOpensslOpenssl1.0.1aAllAllAll
ApplicationOpensslOpenssl1.0.1bAllAllAll
ApplicationOpensslOpenssl1.0.1cAllAllAll
ApplicationOpensslOpenssl1.0.1dAllAllAll
ApplicationOpensslOpenssl1.0.1eAllAllAll
ApplicationOpensslOpenssl1.0.1fAllAllAll
ApplicationOpensslOpenssl1.0.1gAllAllAll
ApplicationOpensslOpenssl1.0.1hAllAllAll
ApplicationOpensslOpenssl1.0.1iAllAllAll
ApplicationOpensslOpenssl1.0.1jAllAllAll
ApplicationOpensslOpenssl1.0.1kAllAllAll
ApplicationOpensslOpenssl1.0.1lAllAllAll
ApplicationOpensslOpenssl1.0.1mAllAllAll
ApplicationOpensslOpenssl1.0.1nAllAllAll
ApplicationOpensslOpenssl1.0.1oAllAllAll
ApplicationOpensslOpenssl1.0.1pAllAllAll
ApplicationOpensslOpenssl1.0.1qAllAllAll
ApplicationOpensslOpenssl1.0.1rAllAllAll
ApplicationOpensslOpenssl1.0.1sAllAllAll
ApplicationOpensslOpenssl1.0.1tAllAllAll
ApplicationOpensslOpenssl1.0.2AllAllAll
ApplicationOpensslOpenssl1.0.2aAllAllAll
ApplicationOpensslOpenssl1.0.2bAllAllAll
ApplicationOpensslOpenssl1.0.2cAllAllAll
ApplicationOpensslOpenssl1.0.2dAllAllAll
ApplicationOpensslOpenssl1.0.2eAllAllAll
ApplicationOpensslOpenssl1.0.2fAllAllAll
ApplicationOpensslOpenssl1.0.2gAllAllAll
ApplicationOpensslOpenssl1.0.2hAllAllAll
Operating
System
OracleLinux6AllAllAll
Operating
System
OracleLinux7AllAllAll
Operating
System
OracleLinux6AllAllAll
Operating
System
OracleLinux7AllAllAll
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
  • cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*: