CVE-2016-2179

Published on: 09/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVE-2016-2179

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Openssl from Openssl contain the following vulnerability:

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVE-2016-2179 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	NONE	NONE	HIGH

CVSS2 Score: 5 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
NONE	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
Document Display \| HPE Support Center	support.hpe.com text/html	CONFIRM support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
/news/vulnerabilities.html	Vendor Advisory www.openssl.org text/html	MISC www.openssl.org/news/vulnerabilities.html#y2017
Oracle Critical Patch Update - January 2018	www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - April 2018	www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities \| Splunk	Third Party Advisory www.splunk.com text/html	CONFIRM www.splunk.com/view/SP-CAAAPUE
Oracle Linux Bulletin - October 2016	Third Party Advisory www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Critical Patch Update - October 2016	Third Party Advisory www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
OpenSSL DTLS Fragment Processing Error Lets Remote Users Consume Excessive Memory Resources - SecurityTracker	www.securitytracker.com text/html	SECTRACK 1036689
Public KB - SA40312 - September 22 2016 OpenSSL Security Advisory	Third Party Advisory kb.pulsesecure.net text/html	CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Red Hat Customer Portal	web.archive.org text/html Inactive LinkNot Archived	REDHAT RHSA-2016:1940
[R5] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory \| Tenable Network Security	Third Party Advisory www.tenable.com text/html	CONFIRM www.tenable.com/security/tns-2016-16
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016	Third Party Advisory bto.bluecoat.com text/html	CONFIRM bto.bluecoat.com/security-advisory/sa132
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities \| Splunk	Third Party Advisory www.splunk.com text/html	CONFIRM www.splunk.com/view/SP-CAAAPSV
git.openssl.org Git - openssl.git/commit	Issue Tracking Patch Third Party Advisory git.openssl.org text/xml	CONFIRM git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
Oracle VM Server for x86 Bulletin - October 2016	Third Party Advisory www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
[R2] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security	www.tenable.com text/html	CONFIRM www.tenable.com/security/tns-2016-20
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates	Third Party Advisory kb.juniper.net text/html	CONFIRM kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware - United States	Third Party Advisory web.archive.org text/html Inactive LinkNot Archived	CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21995039
Oracle Critical Patch Update - July 2017	www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
[R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security	www.tenable.com text/html	CONFIRM www.tenable.com/security/tns-2016-21
Oracle Critical Patch Update - October 2017	www.oracle.com text/html	CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	security.FreeBSD.org text/plain	FREEBSD FreeBSD-SA-16:26
OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities	Third Party Advisory cve.report (archive) text/html	BID 92987

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1f	All	All	All
Application	Openssl	Openssl	1.0.1g	All	All	All
Application	Openssl	Openssl	1.0.1h	All	All	All
Application	Openssl	Openssl	1.0.1i	All	All	All
Application	Openssl	Openssl	1.0.1j	All	All	All
Application	Openssl	Openssl	1.0.1k	All	All	All
Application	Openssl	Openssl	1.0.1l	All	All	All
Application	Openssl	Openssl	1.0.1m	All	All	All
Application	Openssl	Openssl	1.0.1n	All	All	All
Application	Openssl	Openssl	1.0.1o	All	All	All
Application	Openssl	Openssl	1.0.1p	All	All	All
Application	Openssl	Openssl	1.0.1q	All	All	All
Application	Openssl	Openssl	1.0.1r	All	All	All
Application	Openssl	Openssl	1.0.1s	All	All	All
Application	Openssl	Openssl	1.0.1t	All	All	All
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2a	All	All	All
Application	Openssl	Openssl	1.0.2b	All	All	All
Application	Openssl	Openssl	1.0.2c	All	All	All
Application	Openssl	Openssl	1.0.2d	All	All	All
Application	Openssl	Openssl	1.0.2e	All	All	All
Application	Openssl	Openssl	1.0.2f	All	All	All
Application	Openssl	Openssl	1.0.2g	All	All	All
Application	Openssl	Openssl	1.0.2h	All	All	All
Application	Openssl	Openssl	1.0.1	All	All	All
Application	Openssl	Openssl	1.0.1a	All	All	All
Application	Openssl	Openssl	1.0.1b	All	All	All
Application	Openssl	Openssl	1.0.1c	All	All	All
Application	Openssl	Openssl	1.0.1d	All	All	All
Application	Openssl	Openssl	1.0.1e	All	All	All
Application	Openssl	Openssl	1.0.1f	All	All	All
Application	Openssl	Openssl	1.0.1g	All	All	All
Application	Openssl	Openssl	1.0.1h	All	All	All
Application	Openssl	Openssl	1.0.1i	All	All	All
Application	Openssl	Openssl	1.0.1j	All	All	All
Application	Openssl	Openssl	1.0.1k	All	All	All
Application	Openssl	Openssl	1.0.1l	All	All	All
Application	Openssl	Openssl	1.0.1m	All	All	All
Application	Openssl	Openssl	1.0.1n	All	All	All
Application	Openssl	Openssl	1.0.1o	All	All	All
Application	Openssl	Openssl	1.0.1p	All	All	All
Application	Openssl	Openssl	1.0.1q	All	All	All
Application	Openssl	Openssl	1.0.1r	All	All	All
Application	Openssl	Openssl	1.0.1s	All	All	All
Application	Openssl	Openssl	1.0.1t	All	All	All
Application	Openssl	Openssl	1.0.2	All	All	All
Application	Openssl	Openssl	1.0.2a	All	All	All
Application	Openssl	Openssl	1.0.2b	All	All	All
Application	Openssl	Openssl	1.0.2c	All	All	All
Application	Openssl	Openssl	1.0.2d	All	All	All
Application	Openssl	Openssl	1.0.2e	All	All	All
Application	Openssl	Openssl	1.0.2f	All	All	All
Application	Openssl	Openssl	1.0.2g	All	All	All
Application	Openssl	Openssl	1.0.2h	All	All	All
Operating System	Oracle	Linux	6	All	All	All
Operating System	Oracle	Linux	7	All	All	All
Operating System	Oracle	Linux	6	All	All	All
Operating System	Oracle	Linux	7	All	All	All

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*:
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*:
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE