CVSS: 10.0EPSS: 89%CPEs: 40EXPL: 0CVE-2016-2108 – openssl: Memory corruption in the ASN.1 encoder
https://notcve.org/view.php?id=CVE-2016-2108
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. La implementación ASN.1 en OpenSSL en versiones anteriores a 1.0.1o y 1.0.2 en versiones anteriores a 1.0.2c permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento inferior de buffer y corrupción de memoria) a través de un campo ANY en datos serializados manipulados, también conocido como el problema "cero negativo". A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 84%CPEs: 23EXPL: 0CVE-2016-2109 – openssl: ASN.1 BIO handling of large amounts of data
https://notcve.org/view.php?id=CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. La función asn1_d2i_read_bio en crypto/asn1/a_d2i_fp.c en la implementación de ASN.1 BIO en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una codificación corta no válida. A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.h • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 71%CPEs: 32EXPL: 0CVE-2016-2842 – openssl: doapr_outch function does not verify that certain memory allocation succeeds
https://notcve.org/view.php?id=CVE-2016-2842
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799. La función doapr_outch en crypto/bio/b_print.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no verifica que una asignación determinada de memoria tenga éxito, lo que permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango o consumo de memoria) o posiblemente causar otro impacto no especificado a través de una cadena de carácteres más larga, como ha quedado demostrado por una gran cantidad de ASN.1 data, una vulnerabilidad diferente a CVE-2016-0799. Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. • http://marc.info/?l=bugtraq&m=145983526810210&w=2 http://marc.info/?l=bugtraq&m=146108058503441&w=2 http://openssl.org/news/secadv/20160301.txt http://rhn.redhat.com/errata/RHSA-2016-0722.html http://rhn.redhat.com/errata/RHSA-2016-0996.html http://rhn.redhat.com/errata/RHSA-2016-2073.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84169 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 68%CPEs: 32EXPL: 0CVE-2016-0798
https://notcve.org/view.php?id=CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. Fuga de memoria en la implementación de SRP_VBASE_get_by_user en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una denegación de servicio (consumo de memoria) proporcionando un nombre de usuario no válido en un intento de conexión, relacionada con apps/s_server.c y crypto/srp/srp_vfy.c. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.h • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 7%CPEs: 40EXPL: 0CVE-2016-0797 – OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
https://notcve.org/view.php?id=CVE-2016-0797
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. Múltiples desbordamientos de entero en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica o referencia a puntero NULL) o posiblemente tener otro impacto no especificado a través de una cadena de dígitos de gran tamaño que no es manejada correctamente por la función (1) BN_dec2bn o (2) BN_hex2bn, relacionada con crypto/bn/bn.h y crypto/bn/bn_print.c. An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.h •