CVSS: 10.0EPSS: 39%CPEs: 35EXPL: 0CVE-2016-0799 – OpenSSL: Fix memory issues in BIO_*printf functions
https://notcve.org/view.php?id=CVE-2016-0799
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. La función fmtstr en crypto/bio/b_print.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g calcula incorrectamenteno longitudes de cadena, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento y lectura fuera de rango) o posiblemente causar otro impacto no especificado a través de una cadena larga de carácteres, como ha quedado demostrado por una gran cantidad de ASN.1 data, una vulnerabilidad diferente a CVE-2016-2842. Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 95%CPEs: 34EXPL: 0CVE-2016-0800 – SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://notcve.org/view.php?id=CVE-2016-0800
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. El protocolo SSLv2, como se utiliza en OpenSSL en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g y otros productos requiere un servidor para enviar un mensaje ServerVerify antes de establecer que un cliente posee ciertos datos RSA en texto plano, lo que facilita a atacantes remotos descifrar datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, también conocida como ataque "DROWN". A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •