// For flags

CVE-2016-0705

OpenSSL: Double-free in DSA code

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Vulnerabilidad de liberación doble en la función dsa_priv_decode en crypto/dsa/dsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una clave DSA privada malformada.

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash.

An update that contains security fixes can now be installed. This update for openssl fixes various security issues. OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to. Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable "OPENSSL_ALLOW_EXPORT".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-16 CVE Reserved
  • 2016-03-01 CVE Published
  • 2024-04-01 First Exploit
  • 2024-08-05 CVE Updated
  • 2025-07-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (60)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
http://source.android.com/security/bulletin/2016-05-01.html Third Party Advisory
http://www.securityfocus.com/bid/83754 Third Party Advisory
http://www.securityfocus.com/bid/91787 Third Party Advisory
http://www.securitytracker.com/id/1035133 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168 Third Party Advisory
URL Date SRC
https://github.com/hshivhare67/OpenSSL_1.0.1g_CVE-2016-0705 2024-04-01
URL Date SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html 2023-11-07
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html 2023-11-07
http://marc.info/?l=bugtraq&m=145889460330120&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=145983526810210&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=146108058503441&w=2 2023-11-07
http://openssl.org/news/secadv/20160301.txt 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2957.html 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl 2023-11-07
http://www.debian.org/security/2016/dsa-3500 2023-11-07
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html 2023-11-07
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html 2023-11-07
http://www.ubuntu.com/usn/USN-2914-1 2023-11-07
https://access.redhat.com/errata/RHSA-2018:2568 2023-11-07
https://access.redhat.com/errata/RHSA-2018:2575 2023-11-07
https://access.redhat.com/errata/RHSA-2018:2713 2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc 2023-11-07
https://security.gentoo.org/glsa/201603-15 2023-11-07
https://www.openssl.org/news/secadv/20160301.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-0705 2018-09-17
https://bugzilla.redhat.com/show_bug.cgi?id=1310596 2018-09-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Mysql
Search vendor "Oracle" for product "Mysql"
 >= 5.6.0 <= 5.6.29
Search vendor "Oracle" for product "Mysql" and version " >= 5.6.0 <= 5.6.29"
-
Affected
Oracle
Search vendor "Oracle"
 Mysql
Search vendor "Oracle" for product "Mysql"
 >= 5.7.0 <= 5.7.11
Search vendor "Oracle" for product "Mysql" and version " >= 5.7.0 <= 5.7.11"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1j
Search vendor "Openssl" for product "Openssl" and version "1.0.1j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1k
Search vendor "Openssl" for product "Openssl" and version "1.0.1k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1l
Search vendor "Openssl" for product "Openssl" and version "1.0.1l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1m
Search vendor "Openssl" for product "Openssl" and version "1.0.1m"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1n
Search vendor "Openssl" for product "Openssl" and version "1.0.1n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1o
Search vendor "Openssl" for product "Openssl" and version "1.0.1o"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1p
Search vendor "Openssl" for product "Openssl" and version "1.0.1p"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1q
Search vendor "Openssl" for product "Openssl" and version "1.0.1q"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1r
Search vendor "Openssl" for product "Openssl" and version "1.0.1r"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta3
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2a
Search vendor "Openssl" for product "Openssl" and version "1.0.2a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2d
Search vendor "Openssl" for product "Openssl" and version "1.0.2d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2e
Search vendor "Openssl" for product "Openssl" and version "1.0.2e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2f
Search vendor "Openssl" for product "Openssl" and version "1.0.2f"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0
Search vendor "Google" for product "Android" and version "4.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.1
Search vendor "Google" for product "Android" and version "4.0.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.2
Search vendor "Google" for product "Android" and version "4.0.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.3
Search vendor "Google" for product "Android" and version "4.0.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.4
Search vendor "Google" for product "Android" and version "4.0.4"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.1
Search vendor "Google" for product "Android" and version "4.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.1.2
Search vendor "Google" for product "Android" and version "4.1.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2
Search vendor "Google" for product "Android" and version "4.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2.1
Search vendor "Google" for product "Android" and version "4.2.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2.2
Search vendor "Google" for product "Android" and version "4.2.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.3
Search vendor "Google" for product "Android" and version "4.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.3.1
Search vendor "Google" for product "Android" and version "4.3.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4
Search vendor "Google" for product "Android" and version "4.4"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.1
Search vendor "Google" for product "Android" and version "4.4.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.2
Search vendor "Google" for product "Android" and version "4.4.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.3
Search vendor "Google" for product "Android" and version "4.4.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.0
Search vendor "Google" for product "Android" and version "5.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.0.1
Search vendor "Google" for product "Android" and version "5.0.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.1
Search vendor "Google" for product "Android" and version "5.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.1.0
Search vendor "Google" for product "Android" and version "5.1.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0
Search vendor "Google" for product "Android" and version "6.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0.1
Search vendor "Google" for product "Android" and version "6.0.1"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected