CVSS: 7.8EPSS: 97%CPEs: 49EXPL: 2CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una consulta manipulada. A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isnt allowed to make queries. • https://www.exploit-db.com/exploits/40453 https://github.com/infobyte/CVE-2016-2776 http://rhn.redhat.com/errata/RHSA-2016-1944.html http://rhn.redhat.com/errata/RHSA-2016-1945.html http://rhn.redhat.com/errata/RHSA-2016-2099.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.securityf • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 48%CPEs: 32EXPL: 0CVE-2016-2179 – openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
https://notcve.org/view.php?id=CVE-2016-2179
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. La implementación DTLS en OpenSSL en versiones anteriores a 1.1.0 no restringe adecuadamente la vida útil de entradas de cola asociadas con mensajes fuera de servicio no usados, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) manteniendo muchas sesiones DTLS manipuladas simultáneamente, relacionado con d1_lib.c, statem_dtls.c, statem_lib.c y statem_srvr.c. It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork& • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 52%CPEs: 38EXPL: 0CVE-2016-2182 – openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
https://notcve.org/view.php?id=CVE-2016-2182
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. La función BN_bn2dec en crypto/bn/bn_print.c en OpenSSL en versiones anteriores a 1.1.0 no valida adecuadamente resultados de la división, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de la aplicación) o tener otro posible impacto no especificado a través de vectores desconocidos. An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 59%CPEs: 32EXPL: 0CVE-2016-2181 – openssl: DTLS replay protection bypass allows DoS against DTLS connection
https://notcve.org/view.php?id=CVE-2016-2181
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. La funcionalidad Anti-Replay en la implementación DTLS en OpenSSL en versiones anteriores a 1.1.0 no maneja adecuadamente el uso temprano de un número de época nuevo en conjunción con un número de secuencia larga, lo que permite a atacantes remotos provocar una denegación de servicio (gotas de paquetes falsos positivos) a través de registros DTLS suplantados, relacionado con rec_layer_d1.c y ssl3_record.c. A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 29%CPEs: 34EXPL: 0CVE-2016-6302 – openssl: Insufficient TLS session ticket HMAC length checks
https://notcve.org/view.php?id=CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. La función tls_decrypt_ticket en ssl/t1_lib.c en OpenSSL en versiones anteriores a 1.1.0 no considera el tamaño HMAC durante la validación de la longitud del ticket, lo que permite a atacantes remotos provocar una denegación de servicio a través de un ticket que es muy corto. An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •