CVE-2016-2177

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

References

https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7

https://bugzilla.redhat.com/show_bug.cgi?id=1341705

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.securityfocus.com/bid/91319

http://www.securitytracker.com/id/1036088

http://www.splunk.com/view/SP-CAAAPUE

http://www.splunk.com/view/SP-CAAAPSV

https://security.gentoo.org/glsa/201612-16

https://kc.mcafee.com/corporate/index?page=content&id=SB10165

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://bto.bluecoat.com/security-advisory/sa132

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://www.tenable.com/security/tns-2016-16

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://www.tenable.com/security/tns-2016-21

https://www.tenable.com/security/tns-2016-20

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://access.redhat.com/errata/RHSA-2017:1658

https://access.redhat.com/errata/RHSA-2017:0194

https://access.redhat.com/errata/RHSA-2017:0193

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

https://support.f5.com/csp/article/K23873366

http://www.debian.org/security/2016/dsa-3673

http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

http://www.openwall.com/lists/oss-security/2016/06/08/9

http://www.ubuntu.com/usn/USN-3181-1

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://www.ubuntu.com/usn/USN-3087-2

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.ubuntu.com/usn/USN-3087-1

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://seclists.org/fulldisclosure/2017/Jul/31

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://www.securityfocus.com/archive/1/540957/100/0/threaded

Details

Source: MITRE

Published: 2016-06-20

Updated: 2021-11-17

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*

cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*

Configuration 2

OR

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*

Tenable Plugins

View all (54 total)

IDNameProductFamilySeverity
128913EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)NessusHuawei Local Security Checks
critical
124059Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)NessusMisc.
critical
106863openSUSE Security Update : openssl-steam (openSUSE-2018-168)NessusSuSE Local Security Checks
critical
101845Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)NessusMisc.
critical
101141RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658)NessusRed Hat Local Security Checks
critical
101045Tenable SecurityCenter OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)NessusMisc.
critical
99930Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32)NessusMisc.
critical
99810EulerOS 2.0 SP1 : openssl (EulerOS-SA-2016-1047)NessusHuawei Local Security Checks
high
99594Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (April 2017 CPU) (SWEET32)NessusMisc.
critical
97444F5 Networks BIG-IP : OpenSSL vulnerability (K23873366)NessusF5 Networks Local Security Checks
medium
97192Tenable Nessus 6.x < 6.9 Multiple Vulnerabilities (TNS-2016-16) (SWEET32)NessusCGI abuses : XSS
critical
96927Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)NessusUbuntu Local Security Checks
critical
96867RHEL 7 : JBoss Core Services (RHSA-2017:0194)NessusRed Hat Local Security Checks
critical
96824RHEL 6 : JBoss Core Services (RHSA-2017:0193)NessusRed Hat Local Security Checks
critical
96771MySQL Enterprise Monitor 3.3.x < 3.3.1.1112 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)NessusCGI abuses
critical
96770MySQL Enterprise Monitor 3.2.x < 3.2.5.1141 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)NessusCGI abuses
critical
96767MySQL Enterprise Monitor 3.1.x < 3.1.5.7958 Multiple Vulnerabilities (SWEET32) (January 2017 CPU)NessusCGI abuses
high
96337Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)NessusMisc.
critical
96316Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)NessusJunos Local Security Checks
critical
96145IBM BigFix Remote Control < 9.1.3 Multiple Vulnerabilities (SWEET32)NessusCGI abuses
critical
95602GLSA-201612-16 : OpenSSL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
95255AIX OpenSSL Advisory : openssl_advisory21.asc (SWEET32)NessusAIX Local Security Checks
critical
94811Fedora 25 : 1:openssl (2016-64e0743e16)NessusFedora Local Security Checks
critical
94198MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)NessusDatabases
critical
94197MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)NessusDatabases
critical
94167MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)NessusDatabases
critical
94166MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)NessusDatabases
critical
94095OracleVM 3.2 : openssl (OVMSA-2016-0141)NessusOracleVM Local Security Checks
critical
94094Oracle Linux 5 : openssl (ELSA-2016-3627)NessusOracle Linux Local Security Checks
critical
94086openSUSE Security Update : compat-openssl098 (openSUSE-2016-1189)NessusSuSE Local Security Checks
critical
94021Amazon Linux AMI : openssl (ALAS-2016-755)NessusAmazon Linux Local Security Checks
critical
93978Fedora 23 : 1:openssl (2016-97454404fe)NessusFedora Local Security Checks
critical
93909SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2016:2468-1)NessusSuSE Local Security Checks
critical
9625OpenSSL 1.0.1 < 1.0.1u / 1.0.2 < 1.0.2i Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
93893SUSE SLES11 Security Update : openssl (SUSE-SU-2016:2458-1)NessusSuSE Local Security Checks
critical
93815OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32)NessusWeb Servers
critical
93814OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32)NessusWeb Servers
critical
93795Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20160927)NessusScientific Linux Local Security Checks
critical
93783openSUSE Security Update : openssl (openSUSE-2016-1134)NessusSuSE Local Security Checks
critical
93777CentOS 6 / 7 : openssl (CESA-2016:1940)NessusCentOS Local Security Checks
critical
93765SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)NessusSuSE Local Security Checks
critical
93763RHEL 6 / 7 : openssl (RHSA-2016:1940)NessusRed Hat Local Security Checks
critical
93761OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0135)NessusOracleVM Local Security Checks
critical
93759Oracle Linux 6 / 7 : openssl (ELSA-2016-1940)NessusOracle Linux Local Security Checks
critical
93756openSUSE Security Update : openssl (openSUSE-2016-1130)NessusSuSE Local Security Checks
critical
93752Fedora 24 : 1:openssl (2016-a555159613)NessusFedora Local Security Checks
critical
93734SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)NessusSuSE Local Security Checks
critical
93715Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl regression (USN-3087-2)NessusUbuntu Local Security Checks
critical
93690Debian DLA-637-1 : openssl security updateNessusDebian Local Security Checks
critical
93684Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : openssl vulnerabilities (USN-3087-1)NessusUbuntu Local Security Checks
critical
93674FreeBSD : OpenSSL -- multiple vulnerabilities (43eaa656-80bc-11e6-bf52-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
93668Debian DSA-3673-1 : openssl - security updateNessusDebian Local Security Checks
critical
93663Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2016-266-01)NessusSlackware Local Security Checks
critical
91909FreeBSD : openssl -- denial of service (0ca24682-3f03-11e6-b3c8-14dae9d210b8)NessusFreeBSD Local Security Checks
critical