// For flags

CVE-2016-2108

openssl: Memory corruption in the ASN.1 encoder

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

La implementación ASN.1 en OpenSSL en versiones anteriores a 1.0.1o y 1.0.2 en versiones anteriores a 1.0.2c permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento inferior de buffer y corrupción de memoria) a través de un campo ANY en datos serializados manipulados, también conocido como el problema "cero negativo".

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-29 CVE Reserved
  • 2016-05-03 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-10-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-787: Out-of-bounds Write
CAPEC
References (61)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://source.android.com/security/bulletin/2016-07-01.html
http://support.citrix.com/article/CTX212736
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/89752 Vdb Entry
http://www.securityfocus.com/bid/91787 Vdb Entry
http://www.securitytracker.com/id/1035721 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa123
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
https://security.netapp.com/advisory/ntap-20160504-0001
https://support.apple.com/HT206903
https://www.tenable.com/security/tns-2016-18
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-0722.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-0996.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2056.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2073.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2957.html 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl 2023-11-07
http://www.debian.org/security/2016/dsa-3566 2023-11-07
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103 2023-11-07
http://www.ubuntu.com/usn/USN-2959-1 2023-11-07
https://access.redhat.com/errata/RHSA-2016:1137 2023-11-07
https://access.redhat.com/errata/RHSA-2017:0193 2023-11-07
https://access.redhat.com/errata/RHSA-2017:0194 2023-11-07
https://security.gentoo.org/glsa/201612-16 2023-11-07
https://www.openssl.org/news/secadv/20160503.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-2108 2017-01-25
https://bugzilla.redhat.com/show_bug.cgi?id=1331402 2017-01-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Hpc Node
Search vendor "Redhat" for product "Enterprise Linux Hpc Node"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 1.0.1n
Search vendor "Openssl" for product "Openssl" and version " <= 1.0.1n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta3
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2a
Search vendor "Openssl" for product "Openssl" and version "1.0.2a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Hpc Node
Search vendor "Redhat" for product "Enterprise Linux Hpc Node"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Hpc Node Eus
Search vendor "Redhat" for product "Enterprise Linux Hpc Node Eus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Hpc Node Eus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0
Search vendor "Google" for product "Android" and version "4.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.1
Search vendor "Google" for product "Android" and version "4.0.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.2
Search vendor "Google" for product "Android" and version "4.0.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.3
Search vendor "Google" for product "Android" and version "4.0.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.0.4
Search vendor "Google" for product "Android" and version "4.0.4"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.1
Search vendor "Google" for product "Android" and version "4.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.1.2
Search vendor "Google" for product "Android" and version "4.1.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2
Search vendor "Google" for product "Android" and version "4.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2.1
Search vendor "Google" for product "Android" and version "4.2.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.2.2
Search vendor "Google" for product "Android" and version "4.2.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.3
Search vendor "Google" for product "Android" and version "4.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.3.1
Search vendor "Google" for product "Android" and version "4.3.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4
Search vendor "Google" for product "Android" and version "4.4"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.1
Search vendor "Google" for product "Android" and version "4.4.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.2
Search vendor "Google" for product "Android" and version "4.4.2"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 4.4.3
Search vendor "Google" for product "Android" and version "4.4.3"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.0
Search vendor "Google" for product "Android" and version "5.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.0.1
Search vendor "Google" for product "Android" and version "5.0.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.1
Search vendor "Google" for product "Android" and version "5.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 5.1.0
Search vendor "Google" for product "Android" and version "5.1.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0
Search vendor "Google" for product "Android" and version "6.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 6.0.1
Search vendor "Google" for product "Android" and version "6.0.1"
-
Affected