// For flags

CVE-2016-2176

OpenSSL Security Advisory 20160503

Severity Score

8.2
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

La función X509_NAME_oneline en crypto/x509/x509_obj.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos obtener información sensible de la pila de memoria de proceso o provocar una denegación de servicio (sobrelectura de buffer) a través de datos EBCDIC ASN.1 manipulados.

Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-29 CVE Reserved
  • 2016-05-03 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (23)
URL Tag Source
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/89746 Vdb Entry
http://www.securityfocus.com/bid/91787 Vdb Entry
http://www.securitytracker.com/id/1035721 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa123
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
https://kc.mcafee.com/corporate/index?page=content&id=SB10160
https://security.netapp.com/advisory/ntap-20160504-0001
https://support.apple.com/HT206903
https://www.tenable.com/security/tns-2016-18
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl 2023-11-07
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103 2023-11-07
https://security.gentoo.org/glsa/201612-16 2023-11-07
https://www.openssl.org/news/secadv/20160503.txt 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 <= 1.0.1s
Search vendor "Openssl" for product "Openssl" and version " <= 1.0.1s"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta3
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2a
Search vendor "Openssl" for product "Openssl" and version "1.0.2a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2d
Search vendor "Openssl" for product "Openssl" and version "1.0.2d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2e
Search vendor "Openssl" for product "Openssl" and version "1.0.2e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2f
Search vendor "Openssl" for product "Openssl" and version "1.0.2f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2g
Search vendor "Openssl" for product "Openssl" and version "1.0.2g"
-
Affected