{"api_version":"1","generated_at":"2026-05-13T01:20:55+00:00","cve":"CVE-2016-2109","urls":{"html":"https://cve.report/CVE-2016-2109","api":"https://cve.report/api/cve/CVE-2016-2109.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-2109","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-2109"},"summary":{"title":"CVE-2016-2109","description":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.","state":"PUBLISHED","assigner":"redhat","published_at":"2016-05-05 01:59:05","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-399","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id/1035721","name":"http://www.securitytracker.com/id/1035721","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenSSL Multiple Bugs Let Remote Users Decrypt Data, Deny Service, Obtain Potentially Sensitive Information, and Potentially Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1228-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us","name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0996.html","name":"http://rhn.redhat.com/errata/RHSA-2016-0996.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1240-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1273-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2016-18","name":"https://www.tenable.com/security/tns-2016-18","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable™","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202","name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Public KB - SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1238-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1243-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20160504-0001/","name":"https://security.netapp.com/advisory/ntap-20160504-0001/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"May 2016 OpenSSL Vulnerabilities in Multiple NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openssl.org/news/secadv/20160503.txt","name":"https://www.openssl.org/news/secadv/20160503.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update - October 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle VM Server for x86 Bulletin - July 2016","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1360-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/87940","name":"http://www.securityfocus.com/bid/87940","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenSSL 'crypto/asn1/a_d2i_fp.c' Local Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1206-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201612-16","name":"https://security.gentoo.org/glsa/201612-16","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2959-1","name":"http://www.ubuntu.com/usn/USN-2959-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-2959-1: OpenSSL vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1290-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl","name":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1231-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update - July 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Linux Bulletin - July 2016","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759","name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807","name":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"git.openssl.org Git - openssl.git/commit","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10160","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10160","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"McAfee Security Bulletin: McAfee product updates fix vulnerabilities in OpenSSL that can allow an attacker to decrypt the traffic, corrupt the heap, and cause a denial of service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2073.html","name":"http://rhn.redhat.com/errata/RHSA-2016-2073.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1233-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2957.html","name":"http://rhn.redhat.com/errata/RHSA-2016-2957.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc","name":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update - January 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://source.android.com/security/bulletin/2017-07-01","name":"https://source.android.com/security/bulletin/2017-07-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Android Security Bulletin—July 2017  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2056.html","name":"http://rhn.redhat.com/errata/RHSA-2016-2056.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1237-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE-SU-2016:1267-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2016/dsa-3566","name":"http://www.debian.org/security/2016/dsa-3566","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3566-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html","name":"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware Security Advisory - openssl Updates ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1242-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bto.bluecoat.com/security-advisory/sa123","name":"https://bto.bluecoat.com/security-advisory/sa123","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Broadcom Support Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1239-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0722.html","name":"http://rhn.redhat.com/errata/RHSA-2016-0722.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CPU July 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149","name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update - July 2017","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Linux Bulletin - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT206903","name":"https://support.apple.com/HT206903","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html","name":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] openSUSE-SU-2016:1241-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us","name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/91787","name":"http://www.securityfocus.com/bid/91787","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle July 2016 Critical Patch Update Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103","name":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\t2016-004","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Solaris Bulletin - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807","name":"CONFIRM:https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807","refsource":"MITRE","tags":[],"title":"git.openssl.org Git - openssl.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-2109","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2109","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2","cpe7":"beta3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2a","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2b","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2c","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2d","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2f","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"1.0.2g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"1.0.1s","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_hpc_node","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_hpc_node","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_hpc_node_eus","cpe6":"7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_eus","cpe6":"7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"2109","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-2109","qid":"390226","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)"},{"cve":"CVE-2016-2109","qid":"390284","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)"},{"cve":"CVE-2016-2109","qid":"43588","title":"Huawei Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (huawei-sa-20160706-01-openssl)"},{"cve":"CVE-2016-2109","qid":"591093","title":"ABB Relion 650, Relion 670 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (ABB-VU-PGGA-1MRG024369) (ABB-VU-PGGA-1MRG025160)"},{"cve":"CVE-2016-2109","qid":"591280","title":"Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T23:17:50.542Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"tags":["x_transferred"],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"},{"name":"SSA:2016-124-01","tags":["vendor-advisory","x_transferred"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"},{"name":"RHSA-2016:2056","tags":["vendor-advisory","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2056.html"},{"name":"openSUSE-SU-2016:1238","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"},{"name":"openSUSE-SU-2016:1242","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"SUSE-SU-2016:1267","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"},{"name":"RHSA-2016:2073","tags":["vendor-advisory","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2073.html"},{"tags":["x_transferred"],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"name":"DSA-3566","tags":["vendor-advisory","x_transferred"],"url":"http://www.debian.org/security/2016/dsa-3566"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"tags":["x_transferred"],"url":"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"tags":["x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10160"},{"name":"openSUSE-SU-2016:1243","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"},{"tags":["x_transferred"],"url":"https://source.android.com/security/bulletin/2017-07-01"},{"name":"GLSA-201612-16","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/201612-16"},{"name":"SUSE-SU-2016:1228","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"},{"name":"1035721","tags":["vdb-entry","x_transferred"],"url":"http://www.securitytracker.com/id/1035721"},{"name":"openSUSE-SU-2016:1239","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"},{"name":"SUSE-SU-2016:1206","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"},{"name":"20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016","tags":["vendor-advisory","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"name":"SUSE-SU-2016:1231","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"},{"tags":["x_transferred"],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"name":"openSUSE-SU-2016:1240","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"},{"name":"openSUSE-SU-2016:1241","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"},{"name":"APPLE-SA-2016-07-18-1","tags":["vendor-advisory","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"},{"name":"SUSE-SU-2016:1360","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"},{"tags":["x_transferred"],"url":"https://www.tenable.com/security/tns-2016-18"},{"tags":["x_transferred"],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"name":"SUSE-SU-2016:1233","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"},{"name":"openSUSE-SU-2016:1237","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"},{"tags":["x_transferred"],"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"},{"name":"RHSA-2016:0996","tags":["vendor-advisory","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0996.html"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20160504-0001/"},{"tags":["x_transferred"],"url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"},{"name":"91787","tags":["vdb-entry","x_transferred"],"url":"http://www.securityfocus.com/bid/91787"},{"name":"SUSE-SU-2016:1290","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"},{"name":"openSUSE-SU-2016:1273","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"},{"name":"RHSA-2016:2957","tags":["vendor-advisory","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2957.html"},{"name":"USN-2959-1","tags":["vendor-advisory","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2959-1"},{"tags":["x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"name":"87940","tags":["vdb-entry","x_transferred"],"url":"http://www.securityfocus.com/bid/87940"},{"name":"RHSA-2016:0722","tags":["vendor-advisory","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0722.html"},{"name":"FreeBSD-SA-16:17","tags":["vendor-advisory","x_transferred"],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"},{"tags":["x_transferred"],"url":"https://www.openssl.org/news/secadv/20160503.txt"},{"tags":["x_transferred"],"url":"https://support.apple.com/HT206903"},{"tags":["x_transferred"],"url":"https://bto.bluecoat.com/security-advisory/sa123"},{"tags":["x_transferred"],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"},{"tags":["x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-05-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-12-13T00:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"},{"name":"SSA:2016-124-01","tags":["vendor-advisory"],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103"},{"name":"RHSA-2016:2056","tags":["vendor-advisory"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2056.html"},{"name":"openSUSE-SU-2016:1238","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"},{"name":"openSUSE-SU-2016:1242","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"SUSE-SU-2016:1267","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"},{"name":"RHSA-2016:2073","tags":["vendor-advisory"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2073.html"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"name":"DSA-3566","tags":["vendor-advisory"],"url":"http://www.debian.org/security/2016/dsa-3566"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"url":"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10160"},{"name":"openSUSE-SU-2016:1243","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"},{"url":"https://source.android.com/security/bulletin/2017-07-01"},{"name":"GLSA-201612-16","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/201612-16"},{"name":"SUSE-SU-2016:1228","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"},{"name":"1035721","tags":["vdb-entry"],"url":"http://www.securitytracker.com/id/1035721"},{"name":"openSUSE-SU-2016:1239","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"},{"name":"SUSE-SU-2016:1206","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"},{"name":"20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016","tags":["vendor-advisory"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"name":"SUSE-SU-2016:1231","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"name":"openSUSE-SU-2016:1240","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"},{"name":"openSUSE-SU-2016:1241","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"},{"name":"APPLE-SA-2016-07-18-1","tags":["vendor-advisory"],"url":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"},{"name":"SUSE-SU-2016:1360","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"},{"url":"https://www.tenable.com/security/tns-2016-18"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"name":"SUSE-SU-2016:1233","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"},{"name":"openSUSE-SU-2016:1237","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"},{"name":"RHSA-2016:0996","tags":["vendor-advisory"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0996.html"},{"url":"https://security.netapp.com/advisory/ntap-20160504-0001/"},{"url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"},{"name":"91787","tags":["vdb-entry"],"url":"http://www.securityfocus.com/bid/91787"},{"name":"SUSE-SU-2016:1290","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"},{"name":"openSUSE-SU-2016:1273","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"},{"name":"RHSA-2016:2957","tags":["vendor-advisory"],"url":"http://rhn.redhat.com/errata/RHSA-2016-2957.html"},{"name":"USN-2959-1","tags":["vendor-advisory"],"url":"http://www.ubuntu.com/usn/USN-2959-1"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"name":"87940","tags":["vdb-entry"],"url":"http://www.securityfocus.com/bid/87940"},{"name":"RHSA-2016:0722","tags":["vendor-advisory"],"url":"http://rhn.redhat.com/errata/RHSA-2016-0722.html"},{"name":"FreeBSD-SA-16:17","tags":["vendor-advisory"],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"},{"url":"https://www.openssl.org/news/secadv/20160503.txt"},{"url":"https://support.apple.com/HT206903"},{"url":"https://bto.bluecoat.com/security-advisory/sa123"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2016-2109","datePublished":"2016-05-05T00:00:00.000Z","dateReserved":"2016-01-29T00:00:00.000Z","dateUpdated":"2024-08-05T23:17:50.542Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-05-05 01:59:05","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-399","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.1s","matchCriteriaId":"C1F608A0-78BE-4F17-9E41-70933E52B3C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*","matchCriteriaId":"18797BEE-417D-4959-9AAD-C5A7C051B524"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*","matchCriteriaId":"6FAA3C31-BD9D-45A9-A502-837FECA6D479"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*","matchCriteriaId":"6455A421-9956-4846-AC7C-3431E0D37D23"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*","matchCriteriaId":"60F946FD-F564-49DA-B043-5943308BA9EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*","matchCriteriaId":"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*","matchCriteriaId":"9B89180B-FB68-4DD8-B076-16E51CC7FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*","matchCriteriaId":"4C986592-4086-4A39-9767-EF34DBAA6A53"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*","matchCriteriaId":"7B23181C-03DB-4E92-B3F6-6B585B5231B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*","matchCriteriaId":"94D9EC1C-4843-4026-9B05-E060E9391734"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*","matchCriteriaId":"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","matchCriteriaId":"3C84489B-B08C-4854-8A12-D01B6E45CF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"39A901D6-0874-46A4-92A8-5F72C7A89E85"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"1C8D871B-AEA1-4407-AEE3-47EC782250FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"44B067C7-735E-43C9-9188-7E1522A02491"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"2109","Ordinal":"1","Title":"CVE-2016-2109","CVE":"CVE-2016-2109","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"2109","Ordinal":"1","NoteData":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.","Type":"Description","Title":"CVE-2016-2109"},{"CveYear":"2016","CveId":"2109","Ordinal":"2","NoteData":"2016-05-04","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"2109","Ordinal":"3","NoteData":"2018-07-18","Type":"Other","Title":"Modified"}]}}}