CVSS: 7.5EPSS: 33%CPEs: 23EXPL: 0CVE-2016-2106 – openssl: EVP_EncryptUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2106
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. Desbordamiento de entero en la función EVP_EncryptUpdate en crypto/evp/evp_enc.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 84%CPEs: 23EXPL: 0CVE-2016-2109 – openssl: ASN.1 BIO handling of large amounts of data
https://notcve.org/view.php?id=CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. La función asn1_d2i_read_bio en crypto/asn1/a_d2i_fp.c en la implementación de ASN.1 BIO en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una codificación corta no válida. A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.h • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 96%CPEs: 60EXPL: 2CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2016-0703 – openssl: Divide-and-conquer session key recovery in SSLv2
https://notcve.org/view.php?id=CVE-2016-0703
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. La función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a acepta un valor CLIENT-MASTER-KEY CLEAR-KEY-LENGTH distinto de cero para un cifrado arbitrario, lo que permite a atacantes man-in-the-middle determinar el valor MASTER-KEY y descifrar datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 44EXPL: 0CVE-2016-0704 – openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
https://notcve.org/view.php?id=CVE-2016-0704
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. Un mecanismo de protección oracle en la función get_client_master_key en s2_srvr.c en la implementación de SSLv2 en OpenSSL en versiones anteriores a 0.9.8zf, 1.0.0 en versiones anteriores a 1.0.0r, 1.0.1 en versiones anteriores a 1.0.1m y 1.0.2 en versiones anteriores a 1.0.2a sobrescribe MASTER-KEY bytes incorrectos durante el uso de suites de cifrado de exportación, lo que facilita a atacantes remotos el descifrado de datos de texto cifrados con TLS aprovechándose de un Bleichenbacher RSA padding oracle, un caso relacionado con CVE-2016-0800. It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •