CVE-2016-2108

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html

http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

http://rhn.redhat.com/errata/RHSA-2016-0722.html

http://rhn.redhat.com/errata/RHSA-2016-0996.html

http://rhn.redhat.com/errata/RHSA-2016-2056.html

http://rhn.redhat.com/errata/RHSA-2016-2073.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://source.android.com/security/bulletin/2016-07-01.html

http://support.citrix.com/article/CTX212736

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

http://www.debian.org/security/2016/dsa-3566

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/89752

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035721

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

http://www.ubuntu.com/usn/USN-2959-1

https://access.redhat.com/errata/RHSA-2016:1137

https://access.redhat.com/errata/RHSA-2017:0193

https://access.redhat.com/errata/RHSA-2017:0194

https://bto.bluecoat.com/security-advisory/sa123

https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871

https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202

https://security.gentoo.org/glsa/201612-16

https://security.netapp.com/advisory/ntap-20160504-0001/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr

https://support.apple.com/HT206903

https://www.openssl.org/news/secadv/20160503.txt

https://www.tenable.com/security/tns-2016-18

Details

Source: MITRE

Published: 2016-05-05

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 1.0.1n (inclusive)

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

Tenable Plugins

View all (58 total)

IDNameProductFamilySeverity
128913EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)NessusHuawei Local Security Checks
critical
107062Arista Networks EOS ASN.1 Encoder RCE (SA0020)NessusMisc.
critical
106093SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)NessusSuSE Local Security Checks
critical
97893Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple VulnerabilitiesNessusMisc.
critical
97550SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2017:0605-1)NessusSuSE Local Security Checks
critical
97494SUSE SLES11 Security Update : openssl (SUSE-SU-2017:0585-1)NessusSuSE Local Security Checks
critical
97275openSUSE Security Update : openssl (openSUSE-2017-255)NessusSuSE Local Security Checks
critical
97188SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)NessusSuSE Local Security Checks
critical
96867RHEL 7 : JBoss Core Services (RHSA-2017:0194)NessusRed Hat Local Security Checks
critical
96824RHEL 6 : JBoss Core Services (RHSA-2017:0193)NessusRed Hat Local Security Checks
critical
96316Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)NessusJunos Local Security Checks
critical
95602GLSA-201612-16 : OpenSSL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
94679Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)NessusFirewalls
critical
94105RHEL 6 : openssl (RHSA-2016:2073)NessusRed Hat Local Security Checks
critical
93841F5 Networks BIG-IP : OpenSSL vulnerability (K75152412)NessusF5 Networks Local Security Checks
critical
93761OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0135)NessusOracleVM Local Security Checks
critical
93381Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL VulnerabilitiesNessusFirewalls
critical
92496Mac OS X 10.11.x < 10.11.6 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
92323AIX OpenSSL Advisory : openssl_advisory20.ascNessusAIX Local Security Checks
critical
92045Cisco TelePresence VCS / Expressway 8.x < 8.8 Multiple Vulnerabilities (Bar Mitzvah)NessusCISCO
critical
9389OpenSSL 1.0.1 < 1.0.1o / 1.0.2 < 1.0.2c ASN.1 Encoder Negative Zero Value Handling RCENessus Network MonitorWeb Servers
critical
91777OracleVM 3.2 : openssl (OVMSA-2016-0086)NessusOracleVM Local Security Checks
critical
91541Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)NessusScientific Linux Local Security Checks
critical
91421Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20160531)NessusScientific Linux Local Security Checks
critical
91414Oracle Linux 5 : openssl (ELSA-2016-1137)NessusOracle Linux Local Security Checks
critical
91390CentOS 5 : openssl (CESA-2016:1137)NessusCentOS Local Security Checks
critical
91380RHEL 5 : openssl (RHSA-2016:1137)NessusRed Hat Local Security Checks
critical
91352Citrix XenServer Multiple Vulnerabilities (CTX212736)NessusMisc.
critical
91282SUSE SLES10 Security Update : openssl (SUSE-SU-2016:1360-1)NessusSuSE Local Security Checks
critical
91171CentOS 6 : openssl (CESA-2016:0996)NessusCentOS Local Security Checks
critical
91158SUSE SLES11 Security Update : openssl (SUSE-SU-2016:1290-1)NessusSuSE Local Security Checks
critical
91154OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)NessusOracleVM Local Security Checks
critical
91152Oracle Linux 6 : openssl (ELSA-2016-0996)NessusOracle Linux Local Security Checks
critical
91070openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)NessusSuSE Local Security Checks
critical
91068openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-563) (DROWN)NessusSuSE Local Security Checks
critical
91067openSUSE Security Update : openssl (openSUSE-2016-562)NessusSuSE Local Security Checks
critical
91058Fedora 22 : openssl-1.0.1k-15.fc22 (2016-1e39d934ed)NessusFedora Local Security Checks
critical
91043SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:1267-1)NessusSuSE Local Security Checks
critical
91041Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)NessusScientific Linux Local Security Checks
critical
91037RHEL 6 : openssl (RHSA-2016:0996)NessusRed Hat Local Security Checks
critical
91033RHEL 7 : openssl (RHSA-2016:0722)NessusRed Hat Local Security Checks
critical
91029Oracle Linux 7 : openssl (ELSA-2016-0722)NessusOracle Linux Local Security Checks
critical
91017CentOS 7 : openssl (CESA-2016:0722)NessusCentOS Local Security Checks
critical
90949Fedora 24 : openssl-1.0.2h-1.fc24 (2016-1411324654)NessusFedora Local Security Checks
critical
90935openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-565)NessusSuSE Local Security Checks
critical
90934openSUSE Security Update : openssl (openSUSE-2016-564)NessusSuSE Local Security Checks
critical
90933openSUSE Security Update : openssl (openSUSE-2016-561)NessusSuSE Local Security Checks
critical
90914SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1233-1)NessusSuSE Local Security Checks
critical
90913SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)NessusSuSE Local Security Checks
critical
90898Fedora 23 : openssl-1.0.2h-1.fc23 (2016-05c567df1a)NessusFedora Local Security Checks
critical
90896Debian DSA-3566-1 : openssl - security updateNessusDebian Local Security Checks
critical
90889OpenSSL 1.0.2 < 1.0.2c ASN.1 Encoder Negative Zero Value Handling RCENessusWeb Servers
critical
90888OpenSSL 1.0.1 < 1.0.1o ASN.1 Encoder Negative Zero Value Handling RCENessusWeb Servers
critical
90887Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : openssl vulnerabilities (USN-2959-1)NessusUbuntu Local Security Checks
critical
90876FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
90874Debian DLA-456-1 : openssl security updateNessusDebian Local Security Checks
critical
90864Amazon Linux AMI : openssl (ALAS-2016-695)NessusAmazon Linux Local Security Checks
critical
90863Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)NessusSlackware Local Security Checks
critical