CVE-2016-2179
Published on: 09/16/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:16 PM UTC
Certain versions of OpenSSL contain the following vulnerability:
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
- CVE-2016-2179 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 5 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
Document Display \| HPE Support Center | | support.hpe.com text/html |
/news/vulnerabilities.html | Vendor Advisory | www.openssl.org text/html |
Oracle Critical Patch Update - January 2018 | | www.oracle.com text/html |
Oracle Critical Patch Update - April 2018 | | www.oracle.com text/html |
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities \| Splunk | Third Party Advisory | www.splunk.com text/html |
Oracle Linux Bulletin - October 2016 | Third Party Advisory | www.oracle.com text/html |
Oracle Critical Patch Update - October 2016 | Third Party Advisory | www.oracle.com text/html |
OpenSSL DTLS Fragment Processing Error Lets Remote Users Consume Excessive Memory Resources - SecurityTracker | | www.securitytracker.com text/html |
Public KB - SA40312 - September 22 2016 OpenSSL Security Advisory | Third Party Advisory | kb.pulsesecure.net text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
[R5] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory \| Tenable Network Security | Third Party Advisory | www.tenable.com text/html |
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016 | Third Party Advisory | bto.bluecoat.com text/html |
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities \| Splunk | Third Party Advisory | www.splunk.com text/html |
git.openssl.org Git - openssl.git/commit | Issue Tracking, Patch, Third Party Advisory | git.openssl.org text/xml |
Oracle VM Server for x86 Bulletin - October 2016 | Third Party Advisory | www.oracle.com text/html |
[R2] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security | | www.tenable.com text/html |
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates | Third Party Advisory | kb.juniper.net text/html |
IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware - United States | Third Party Advisory | web.archive.org text/html (Inactive Link, Not Archived) |
Oracle Critical Patch Update - July 2017 | | www.oracle.com text/html |
[R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security | | www.tenable.com text/html |
Oracle Critical Patch Update - October 2017 | | www.oracle.com text/html |
 | | security.FreeBSD.org text/plain |
OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities | Third Party Advisory | cve.report (archive) text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Openssl | Openssl | 1.0.1 | All | All | All |
Application | Openssl | Openssl | 1.0.1a | All | All | All |
Application | Openssl | Openssl | 1.0.1b | All | All | All |
Application | Openssl | Openssl | 1.0.1c | All | All | All |
Application | Openssl | Openssl | 1.0.1d | All | All | All |
Application | Openssl | Openssl | 1.0.1e | All | All | All |
Application | Openssl | Openssl | 1.0.1f | All | All | All |
Application | Openssl | Openssl | 1.0.1g | All | All | All |
Application | Openssl | Openssl | 1.0.1h | All | All | All |
Application | Openssl | Openssl | 1.0.1i | All | All | All |
Application | Openssl | Openssl | 1.0.1j | All | All | All |
Application | Openssl | Openssl | 1.0.1k | All | All | All |
Application | Openssl | Openssl | 1.0.1l | All | All | All |
Application | Openssl | Openssl | 1.0.1m | All | All | All |
Application | Openssl | Openssl | 1.0.1n | All | All | All |
Application | Openssl | Openssl | 1.0.1o | All | All | All |
Application | Openssl | Openssl | 1.0.1p | All | All | All |
Application | Openssl | Openssl | 1.0.1q | All | All | All |
Application | Openssl | Openssl | 1.0.1r | All | All | All |
Application | Openssl | Openssl | 1.0.1s | All | All | All |
Application | Openssl | Openssl | 1.0.1t | All | All | All |
Application | Openssl | Openssl | 1.0.2 | All | All | All |
Application | Openssl | Openssl | 1.0.2a | All | All | All |
Application | Openssl | Openssl | 1.0.2b | All | All | All |
Application | Openssl | Openssl | 1.0.2c | All | All | All |
Application | Openssl | Openssl | 1.0.2d | All | All | All |
Application | Openssl | Openssl | 1.0.2e | All | All | All |
Application | Openssl | Openssl | 1.0.2f | All | All | All |
Application | Openssl | Openssl | 1.0.2g | All | All | All |
Application | Openssl | Openssl | 1.0.2h | All | All | All |
Operating System | Oracle | Linux | 6 | All | All | All |
Operating System | Oracle | Linux | 7 | All | All | All |
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE