CVSS: 7.5EPSS: 29%CPEs: 34EXPL: 0CVE-2016-6302 – openssl: Insufficient TLS session ticket HMAC length checks
https://notcve.org/view.php?id=CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. La función tls_decrypt_ticket en ssl/t1_lib.c en OpenSSL en versiones anteriores a 1.1.0 no considera el tamaño HMAC durante la validación de la longitud del ticket, lo que permite a atacantes remotos provocar una denegación de servicio a través de un ticket que es muy corto. An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 59%CPEs: 32EXPL: 0CVE-2016-2181 – openssl: DTLS replay protection bypass allows DoS against DTLS connection
https://notcve.org/view.php?id=CVE-2016-2181
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. La funcionalidad Anti-Replay en la implementación DTLS en OpenSSL en versiones anteriores a 1.1.0 no maneja adecuadamente el uso temprano de un número de época nuevo en conjunción con un número de secuencia larga, lo que permite a atacantes remotos provocar una denegación de servicio (gotas de paquetes falsos positivos) a través de registros DTLS suplantados, relacionado con rec_layer_d1.c y ssl3_record.c. A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-20: Improper Input Validation CWE-189: Numeric Errors •
CVSS: 8.6EPSS: 1%CPEs: 2EXPL: 0CVE-2016-6250 – libarchive: Buffer overflow when writing large iso9660 containers
https://notcve.org/view.php?id=CVE-2016-6250
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. Desbordamiento de entero en el escritor ISO9660 en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o ejecutar código arbitrario a través de vectores relacionados con la verificación de longitudes de nombre de archivo cuando se escribe un archivo ISO9660, lo que desencadena un desbordamiento de búfer. A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.openwall.com/lists/oss-security/2016/07/20/1 http://www.openwall.com/lists/oss-security/2016/07/21/3 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92036 http://www.securitytracker.com/id/1036431 https://bugzilla.redhat.com/show_bug.cgi?id=1347085 https://github.com/libarchive/libarchive/commit/3014e198 https://github.com/libarchive/libarchive/files&#x • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 14EXPL: 0CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file
https://notcve.org/view.php?id=CVE-2016-7166
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/09/08/15 http://www.openwall.com/lists/oss-security/2016/09/08/18 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92901 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362 https://bugzilla.redhat.com/show_bug.cgi?id=1347086 https://github.com/libarchiv • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •