CVSS: 8.2EPSS: 65%CPEs: 12EXPL: 0CVE-2016-2176
https://notcve.org/view.php?id=CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. La función X509_NAME_oneline en crypto/x509/x509_obj.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos obtener información sensible de la pila de memoria de proceso o provocar una denegación de servicio (sobrelectura de buffer) a través de datos EBCDIC ASN.1 manipulados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 33%CPEs: 23EXPL: 0CVE-2016-2106 – openssl: EVP_EncryptUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2106
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. Desbordamiento de entero en la función EVP_EncryptUpdate en crypto/evp/evp_enc.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 5.9EPSS: 96%CPEs: 60EXPL: 2CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 89%CPEs: 40EXPL: 0CVE-2016-2108 – openssl: Memory corruption in the ASN.1 encoder
https://notcve.org/view.php?id=CVE-2016-2108
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. La implementación ASN.1 en OpenSSL en versiones anteriores a 1.0.1o y 1.0.2 en versiones anteriores a 1.0.2c permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento inferior de buffer y corrupción de memoria) a través de un campo ANY en datos serializados manipulados, también conocido como el problema "cero negativo". A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 84%CPEs: 23EXPL: 0CVE-2016-2109 – openssl: ASN.1 BIO handling of large amounts of data
https://notcve.org/view.php?id=CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. La función asn1_d2i_read_bio en crypto/asn1/a_d2i_fp.c en la implementación de ASN.1 BIO en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una codificación corta no válida. A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.h • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •