Vulnerability-Lookup

BDU:2022-02559

Vulnerability from fstec - Published: 20.06.2016

Title

Уязвимость библиотеки OpenSSL, вызванная целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Description

Уязвимость библиотеки OpenSSL вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

OpenSSL Software Foundation, Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.

Software Name

OpenSSL, Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap

Software Version

1.0.1n (OpenSSL), 1.0.1o (OpenSSL), 1.0.2b (OpenSSL), 1.0.2c (OpenSSL), 1.0.1m (OpenSSL), 1.0.2a (OpenSSL), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 9 (Debian GNU/Linux), 16.04 (Ubuntu), 1.0.2 (OpenSSL), 1.0.2h (OpenSSL), 1.0.2g (OpenSSL), 1.0.2f (OpenSSL), 1.0.2e (OpenSSL), 1.0.2d (OpenSSL), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 7 (Debian GNU/Linux), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), 1.0.1c (OpenSSL), 1.0.1d (OpenSSL), 1.0.1l (OpenSSL), 1.0.1t (OpenSSL), 1.0.1e (OpenSSL), 1.0.1f (OpenSSL), 1.0.1i (OpenSSL), 1.0.1j (OpenSSL), 1.0.1k (OpenSSL), 1.0.1r (OpenSSL), 1.0.1s (OpenSSL), 1.0.1g (OpenSSL), 1.0.1p (OpenSSL), 1.0.1q (OpenSSL)

Possible Mitigations

Использование рекомендаций: https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 https://security.gentoo.org/glsa/201612-16 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2016-2177 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2177.xml Для Ubuntu: https://ubuntu.com/security/CVE-2016-2177 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2016-2177

Reference

https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 https://bugzilla.redhat.com/show_bug.cgi?id=1341705 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/91319 http://www.securitytracker.com/id/1036088 http://www.splunk.com/view/SP-CAAAPUE http://www.splunk.com/view/SP-CAAAPSV https://security.gentoo.org/glsa/201612-16 https://kc.mcafee.com/corporate/index?page=content&id=SB10165 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 https://bto.bluecoat.com/security-advisory/sa132 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 https://www.tenable.com/security/tns-2016-16 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://www.tenable.com/security/tns-2016-21 https://www.tenable.com/security/tns-2016-20 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc https://access.redhat.com/errata/RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:0194 https://access.redhat.com/errata/RHSA-2017:0193 http://rhn.redhat.com/errata/RHSA-2017-1659.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/ https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/ https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us https://kc.mcafee.com/corporate/index?page=content&id=SB10215 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html https://support.f5.com/csp/article/K23873366 http://www.debian.org/security/2016/dsa-3673 http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 http://www.openwall.com/lists/oss-security/2016/06/08/9 http://www.ubuntu.com/usn/USN-3181-1 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html http://www.ubuntu.com/usn/USN-3087-2 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en http://www.ubuntu.com/usn/USN-3087-1 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html http://seclists.org/fulldisclosure/2017/Jul/31 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://www.securityfocus.com/archive/1/540957/100/0/threaded

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "OpenSSL Software Foundation, Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.0.1n (OpenSSL), 1.0.1o (OpenSSL), 1.0.2b (OpenSSL), 1.0.2c (OpenSSL), 1.0.1m (OpenSSL), 1.0.2a (OpenSSL), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 9 (Debian GNU/Linux), 16.04 (Ubuntu), 1.0.2 (OpenSSL), 1.0.2h (OpenSSL), 1.0.2g (OpenSSL), 1.0.2f (OpenSSL), 1.0.2e (OpenSSL), 1.0.2d (OpenSSL), 15.0 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 7 (Debian GNU/Linux), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), 1.0.1c (OpenSSL), 1.0.1d (OpenSSL), 1.0.1l (OpenSSL), 1.0.1t (OpenSSL), 1.0.1e (OpenSSL), 1.0.1f (OpenSSL), 1.0.1i (OpenSSL), 1.0.1j (OpenSSL), 1.0.1k (OpenSSL), 1.0.1r (OpenSSL), 1.0.1s (OpenSSL), 1.0.1g (OpenSSL), 1.0.1p (OpenSSL), 1.0.1q (OpenSSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7\n\n\nhttps://security.gentoo.org/glsa/201612-16\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2016-2177\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2177.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2016-2177\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2016-2177",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02559",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-2177",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSSL, Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 12.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 16.04 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 7 , Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1341705\nhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\nhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\nhttp://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html\nhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html\nhttp://www.securityfocus.com/bid/91319\nhttp://www.securitytracker.com/id/1036088\nhttp://www.splunk.com/view/SP-CAAAPUE\nhttp://www.splunk.com/view/SP-CAAAPSV\nhttps://security.gentoo.org/glsa/201612-16\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312\nhttps://bto.bluecoat.com/security-advisory/sa132\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759\nhttps://www.tenable.com/security/tns-2016-16\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21995039\nhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\nhttps://www.tenable.com/security/tns-2016-21\nhttps://www.tenable.com/security/tns-2016-20\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc\nhttps://access.redhat.com/errata/RHSA-2017:1658\nhttps://access.redhat.com/errata/RHSA-2017:0194\nhttps://access.redhat.com/errata/RHSA-2017:0193\nhttp://rhn.redhat.com/errata/RHSA-2017-1659.html\nhttp://rhn.redhat.com/errata/RHSA-2016-2957.html\nhttp://rhn.redhat.com/errata/RHSA-2016-1940.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\nhttps://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\nhttps://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\nhttps://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\nhttps://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\nhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215\nhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html\nhttps://support.f5.com/csp/article/K23873366\nhttp://www.debian.org/security/2016/dsa-3673\nhttp://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded\nhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html\nhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us\nhttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html\nhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html\nhttps://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24\nhttp://www.openwall.com/lists/oss-security/2016/06/08/9\nhttp://www.ubuntu.com/usn/USN-3181-1\nhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html\nhttp://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html\nhttp://www.ubuntu.com/usn/USN-3087-2\nhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html\nhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en\nhttp://www.ubuntu.com/usn/USN-3087-1\nhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html\nhttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html\nhttp://seclists.org/fulldisclosure/2017/Jul/31\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl\nhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448\nhttp://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html\nhttp://www.securityfocus.com/archive/1/540957/100/0/threaded",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2016-2177 (GCVE-0-2016-2177)

Vulnerability from cvelistv5 – Published: 2016-06-20 00:00 – Updated: 2024-08-05 23:17

Summary

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

64 references

URL	Tags
https://www.tenable.com/security/tns-2016-20
http://www.splunk.com/view/SP-CAAAPUE
http://www.oracle.com/technetwork/security-adviso…
http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
http://www.securitytracker.com/id/1036088	vdb-entry
http://www.oracle.com/technetwork/topics/security…
https://security.gentoo.org/glsa/201612-16	vendor-advisory
https://www.citect.schneider-electric.com/safety-…
https://kb.pulsesecure.net/articles/Pulse_Securit…
https://support.hpe.com/hpsc/doc/public/display?d…
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg…
http://www.oracle.com/technetwork/security-adviso…
https://www.tenable.com/security/tns-2016-16
https://git.openssl.org/?p=openssl.git%3Ba=commit…
https://www.tenable.com/security/tns-2016-21
http://www.oracle.com/technetwork/topics/security…
http://www.oracle.com/technetwork/security-adviso…
http://www.oracle.com/technetwork/security-adviso…
https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
https://www.schneider-electric.com/en/download/do…
http://www.oracle.com/technetwork/topics/security…
http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa132
https://bugzilla.redhat.com/show_bug.cgi?id=1341705
https://www.schneider-electric.com/en/download/do…
http://www.securityfocus.com/bid/91319	vdb-entry
http://www.oracle.com/technetwork/security-adviso…
https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/displ…
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
https://h20566.www2.hpe.com/portal/site/hpsc/publ…
https://kc.mcafee.com/corporate/index?page=conten…
http://kb.juniper.net/InfoCenter/index?page=conte…
http://www.openwall.com/lists/oss-security/2016/06/08/9	mailing-list
https://kc.mcafee.com/corporate/index?page=conten…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://tools.cisco.com/security/center/content/Ci…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
http://www.securityfocus.com/archive/1/540957/100…	mailing-list
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/…	mailing-list
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
http://www.ubuntu.com/usn/USN-3181-1	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://support.hpe.com/hpsc/doc/public/display?d…
https://support.f5.com/csp/article/K23873366
http://www.debian.org/security/2016/dsa-3673	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/displ…
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://www.huawei.com/en/psirt/security-advisorie…
https://www.arista.com/en/support/advisories-noti…
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public

2016-06-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "1036088",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:0194",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0194"
          },
          {
            "name": "RHSA-2017:0193",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
          },
          {
            "name": "91319",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3181-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3181-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K23873366"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "1036088",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036088"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:0194",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0194"
        },
        {
          "name": "RHSA-2017:0193",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0193"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705"
        },
        {
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "name": "91319",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91319"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03763en_us"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10165"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3181-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3181-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
        },
        {
          "url": "https://support.f5.com/csp/article/K23873366"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2177",
    "datePublished": "2016-06-20T00:00:00.000Z",
    "dateReserved": "2016-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:17:50.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-02559

CVE-2016-2177 (GCVE-0-2016-2177)

Tags

Sightings

Nomenclature