Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_suse
Published
2016-03-15 17:01
Modified
2016-03-15 17:01
Summary
Security update for sles11sp4-docker-image
Notes
Title of the patch
Security update for sles11sp4-docker-image
Description of the patch
This rebuild for sles11sp4-docker-image fixes several important security issues
done in libraries contained inside, for glibc, openssl, curl and openldap2.
glibc security fixes:
- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)
- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)
- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)
- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)
- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)
- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)
glibc non-security bugfixes:
- bsc#930721: Accept leading and trailing spaces in getdate input string
- bsc#942317: Recognize power8 platform
- bsc#950944: Always enable pointer guard
- bsc#956988: Fix deadlock in __dl_iterate_phdr
openssl security issues fixed:
- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
OpenSSL was vulnerable to a cross-protocol attack that could lead to
decryption of TLS sessions by using a server supporting SSLv2 and
EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
This update changes the openssl library to:
* Disable SSLv2 protocol support by default.
This can be overridden by setting the environment variable
'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the
SSL_OP_NO_SSLv2 flag.
Note that various services and clients had already disabled SSL
protocol 2 by default previously.
* Disable all weak EXPORT ciphers by default. These can be reenabled
if required by old legacy software using the environment variable
'OPENSSL_ALLOW_EXPORT'.
- CVE-2016-0705 (bnc#968047):
A double free() bug in the DSA ASN1 parser code was fixed that could
be abused to facilitate a denial-of-service attack.
- CVE-2016-0797 (bnc#968048):
The BN_hex2bn() and BN_dec2bn() functions had a bug that could result
in an attempt to de-reference a NULL pointer leading to crashes.
This could have security consequences if these functions were ever
called by user applications with large untrusted hex/decimal data. Also,
internal usage of these functions in OpenSSL uses data from config files
or application command line arguments. If user developed applications
generated config file data based on untrusted data, then this could
have had security consequences as well.
- CVE-2016-0799 (bnc#968374)
On many 64 bit systems, the internal fmtstr() and doapr_outch()
functions could miscalculate the length of a string and attempt to
access out-of-bounds memory locations. These problems could have
enabled attacks where large amounts of untrusted data is passed to
the BIO_*printf functions. If applications use these functions in
this way then they could have been vulnerable. OpenSSL itself uses
these functions when printing out human-readable dumps of ASN.1
data. Therefore applications that print this data could have been
vulnerable if the data is from untrusted sources. OpenSSL command line
applications could also have been vulnerable when they print out ASN.1
data, or if untrusted data is passed as command line arguments. Libssl
is not considered directly vulnerable.
- CVE-2015-3197 (bsc#963415):
The SSLv2 protocol did not block disabled ciphers.
Note that the March 1st 2016 release also references following CVEs
that were fixed by us with CVE-2015-0293 in 2015:
- CVE-2016-0703 (bsc#968051): This issue only affected versions of
OpenSSL prior to March 19th 2015 at which time the code was refactored
to address vulnerability CVE-2015-0293. It would have made the above
'DROWN' attack much easier.
- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'
This issue only affected versions of OpenSSL prior to March 19th
2015 at which time the code was refactored to address vulnerability
CVE-2015-0293. It would have made the above 'DROWN' attack much easier.
openssl non-security bugs fixed:
- Avoid running OPENSSL_config twice. This avoids breaking
engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787)
curl security issues fixed:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)
curl non-security bugs fixed:
- bsc#926511: Check for errors on the control connection during FTP transfers
openldap2 security issue fixed:
- CVE-2015-6908. Passing a crafted packet to the function ber_get_next(),
an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).
Patchnames
SUSE-SLE-Module-Containers-12-2016-457
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for sles11sp4-docker-image", title: "Title of the patch", }, { category: "description", text: "\nThis rebuild for sles11sp4-docker-image fixes several important security issues\ndone in libraries contained inside, for glibc, openssl, curl and openldap2.\n\nglibc security fixes:\n\n- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)\n- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)\n- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)\n- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)\n- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)\n- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)\n\nglibc non-security bugfixes:\n\n- bsc#930721: Accept leading and trailing spaces in getdate input string\n- bsc#942317: Recognize power8 platform \n- bsc#950944: Always enable pointer guard\n- bsc#956988: Fix deadlock in __dl_iterate_phdr\n\nopenssl security issues fixed:\n\n- CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):\n OpenSSL was vulnerable to a cross-protocol attack that could lead to\n decryption of TLS sessions by using a server supporting SSLv2 and\n EXPORT cipher suites as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be reenabled\n if required by old legacy software using the environment variable\n 'OPENSSL_ALLOW_EXPORT'.\n\n- CVE-2016-0705 (bnc#968047):\n A double free() bug in the DSA ASN1 parser code was fixed that could\n be abused to facilitate a denial-of-service attack.\n\n- CVE-2016-0797 (bnc#968048):\n The BN_hex2bn() and BN_dec2bn() functions had a bug that could result\n in an attempt to de-reference a NULL pointer leading to crashes.\n This could have security consequences if these functions were ever\n called by user applications with large untrusted hex/decimal data. Also,\n internal usage of these functions in OpenSSL uses data from config files\n or application command line arguments. If user developed applications\n generated config file data based on untrusted data, then this could\n have had security consequences as well.\n\n- CVE-2016-0799 (bnc#968374)\n On many 64 bit systems, the internal fmtstr() and doapr_outch()\n functions could miscalculate the length of a string and attempt to\n access out-of-bounds memory locations. These problems could have\n enabled attacks where large amounts of untrusted data is passed to\n the BIO_*printf functions. If applications use these functions in\n this way then they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1\n data. Therefore applications that print this data could have been\n vulnerable if the data is from untrusted sources. OpenSSL command line\n applications could also have been vulnerable when they print out ASN.1\n data, or if untrusted data is passed as command line arguments. Libssl\n is not considered directly vulnerable.\n\n- CVE-2015-3197 (bsc#963415):\n The SSLv2 protocol did not block disabled ciphers.\n\nNote that the March 1st 2016 release also references following CVEs\nthat were fixed by us with CVE-2015-0293 in 2015:\n\n- CVE-2016-0703 (bsc#968051): This issue only affected versions of\n OpenSSL prior to March 19th 2015 at which time the code was refactored\n to address vulnerability CVE-2015-0293. It would have made the above\n 'DROWN' attack much easier.\n- CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2'\n This issue only affected versions of OpenSSL prior to March 19th\n 2015 at which time the code was refactored to address vulnerability\n CVE-2015-0293. It would have made the above 'DROWN' attack much easier.\n\nopenssl non-security bugs fixed:\n\n- Avoid running OPENSSL_config twice. This avoids breaking\n engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787)\n\n\ncurl security issues fixed:\n\n- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)\n\ncurl non-security bugs fixed:\n- bsc#926511: Check for errors on the control connection during FTP transfers\n\nopenldap2 security issue fixed:\n\n- CVE-2015-6908. Passing a crafted packet to the function ber_get_next(),\n an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Module-Containers-12-2016-457", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0778-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:0778-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20160778-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:0778-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001944.html", }, { category: "self", summary: "SUSE Bug 969591", url: "https://bugzilla.suse.com/969591", }, { category: "self", summary: "SUSE CVE CVE-2014-9761 page", url: "https://www.suse.com/security/cve/CVE-2014-9761/", }, { category: "self", summary: "SUSE CVE CVE-2015-3197 page", url: "https://www.suse.com/security/cve/CVE-2015-3197/", }, { category: "self", summary: "SUSE CVE CVE-2015-6908 page", url: "https://www.suse.com/security/cve/CVE-2015-6908/", }, { category: "self", summary: "SUSE CVE CVE-2015-7547 page", url: "https://www.suse.com/security/cve/CVE-2015-7547/", }, { category: "self", summary: "SUSE CVE CVE-2015-8776 page", url: "https://www.suse.com/security/cve/CVE-2015-8776/", }, { category: "self", summary: "SUSE CVE CVE-2015-8777 page", url: "https://www.suse.com/security/cve/CVE-2015-8777/", }, { category: "self", summary: "SUSE CVE CVE-2015-8778 page", url: "https://www.suse.com/security/cve/CVE-2015-8778/", }, { category: "self", summary: "SUSE CVE CVE-2015-8779 page", url: "https://www.suse.com/security/cve/CVE-2015-8779/", }, { category: "self", summary: "SUSE CVE CVE-2016-0702 page", url: "https://www.suse.com/security/cve/CVE-2016-0702/", }, { category: "self", summary: "SUSE CVE CVE-2016-0703 page", url: "https://www.suse.com/security/cve/CVE-2016-0703/", }, { category: "self", summary: "SUSE CVE CVE-2016-0704 page", url: "https://www.suse.com/security/cve/CVE-2016-0704/", }, { category: "self", summary: "SUSE CVE CVE-2016-0705 page", url: "https://www.suse.com/security/cve/CVE-2016-0705/", }, { category: "self", summary: "SUSE CVE CVE-2016-0755 page", url: "https://www.suse.com/security/cve/CVE-2016-0755/", }, { category: "self", summary: "SUSE CVE CVE-2016-0797 page", url: "https://www.suse.com/security/cve/CVE-2016-0797/", }, { category: "self", summary: "SUSE CVE CVE-2016-0799 page", url: "https://www.suse.com/security/cve/CVE-2016-0799/", }, { category: "self", summary: "SUSE CVE CVE-2016-0800 page", url: "https://www.suse.com/security/cve/CVE-2016-0800/", }, ], title: "Security update for sles11sp4-docker-image", tracking: { current_release_date: "2016-03-15T17:01:49Z", generator: { date: "2016-03-15T17:01:49Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:0778-1", initial_release_date: "2016-03-15T17:01:49Z", revision_history: [ { date: "2016-03-15T17:01:49Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "sles11sp4-docker-image-1.1.1-20160304104123.s390x", product: { name: "sles11sp4-docker-image-1.1.1-20160304104123.s390x", product_id: "sles11sp4-docker-image-1.1.1-20160304104123.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "sles11sp4-docker-image-1.1.1-20160304104123.x86_64", product: { name: "sles11sp4-docker-image-1.1.1-20160304104123.x86_64", product_id: "sles11sp4-docker-image-1.1.1-20160304104123.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "sles11sp4-docker-image-1.1.1-20160304104123.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", }, product_reference: "sles11sp4-docker-image-1.1.1-20160304104123.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "sles11sp4-docker-image-1.1.1-20160304104123.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", }, product_reference: "sles11sp4-docker-image-1.1.1-20160304104123.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2014-9761", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9761", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9761", url: "https://www.suse.com/security/cve/CVE-2014-9761", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2014-9761", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962738 for CVE-2014-9761", url: "https://bugzilla.suse.com/962738", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2014-9761", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "critical", }, ], title: "CVE-2014-9761", }, { cve: "CVE-2015-3197", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-3197", }, ], notes: [ { category: "general", text: "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-3197", url: "https://www.suse.com/security/cve/CVE-2015-3197", }, { category: "external", summary: "SUSE Bug 963410 for CVE-2015-3197", url: "https://bugzilla.suse.com/963410", }, { category: "external", summary: "SUSE Bug 963415 for CVE-2015-3197", url: "https://bugzilla.suse.com/963415", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2015-3197", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2015-3197", url: "https://bugzilla.suse.com/968046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "low", }, ], title: "CVE-2015-3197", }, { cve: "CVE-2015-6908", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-6908", }, ], notes: [ { category: "general", text: "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-6908", url: "https://www.suse.com/security/cve/CVE-2015-6908", }, { category: "external", summary: "SUSE Bug 945582 for CVE-2015-6908", url: "https://bugzilla.suse.com/945582", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "important", }, ], title: "CVE-2015-6908", }, { cve: "CVE-2015-7547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7547", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7547", url: "https://www.suse.com/security/cve/CVE-2015-7547", }, { category: "external", summary: "SUSE Bug 1077097 for CVE-2015-7547", url: "https://bugzilla.suse.com/1077097", }, { category: "external", summary: "SUSE Bug 847227 for CVE-2015-7547", url: "https://bugzilla.suse.com/847227", }, { category: "external", summary: "SUSE Bug 961721 for CVE-2015-7547", url: "https://bugzilla.suse.com/961721", }, { category: "external", summary: "SUSE Bug 967023 for CVE-2015-7547", url: "https://bugzilla.suse.com/967023", }, { category: "external", summary: "SUSE Bug 967061 for CVE-2015-7547", url: "https://bugzilla.suse.com/967061", }, { category: "external", summary: "SUSE Bug 967072 for CVE-2015-7547", url: "https://bugzilla.suse.com/967072", }, { category: "external", summary: "SUSE Bug 967496 for CVE-2015-7547", url: "https://bugzilla.suse.com/967496", }, { category: "external", summary: "SUSE Bug 969216 for CVE-2015-7547", url: "https://bugzilla.suse.com/969216", }, { category: "external", summary: "SUSE Bug 969241 for CVE-2015-7547", url: "https://bugzilla.suse.com/969241", }, { category: "external", summary: "SUSE Bug 969591 for CVE-2015-7547", url: "https://bugzilla.suse.com/969591", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-7547", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "important", }, ], title: "CVE-2015-7547", }, { cve: "CVE-2015-8776", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8776", }, ], notes: [ { category: "general", text: "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8776", url: "https://www.suse.com/security/cve/CVE-2015-8776", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8776", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962736 for CVE-2015-8776", url: "https://bugzilla.suse.com/962736", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8776", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "low", }, ], title: "CVE-2015-8776", }, { cve: "CVE-2015-8777", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8777", }, ], notes: [ { category: "general", text: "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8777", url: "https://www.suse.com/security/cve/CVE-2015-8777", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8777", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 950944 for CVE-2015-8777", url: "https://bugzilla.suse.com/950944", }, { category: "external", summary: "SUSE Bug 962735 for CVE-2015-8777", url: "https://bugzilla.suse.com/962735", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "low", }, ], title: "CVE-2015-8777", }, { cve: "CVE-2015-8778", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8778", }, ], notes: [ { category: "general", text: "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8778", url: "https://www.suse.com/security/cve/CVE-2015-8778", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8778", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962737 for CVE-2015-8778", url: "https://bugzilla.suse.com/962737", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8778", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "low", }, ], title: "CVE-2015-8778", }, { cve: "CVE-2015-8779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8779", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8779", url: "https://www.suse.com/security/cve/CVE-2015-8779", }, { category: "external", summary: "SUSE Bug 1123874 for CVE-2015-8779", url: "https://bugzilla.suse.com/1123874", }, { category: "external", summary: "SUSE Bug 962739 for CVE-2015-8779", url: "https://bugzilla.suse.com/962739", }, { category: "external", summary: "SUSE Bug 965453 for CVE-2015-8779", url: "https://bugzilla.suse.com/965453", }, { category: "external", summary: "SUSE Bug 986086 for CVE-2015-8779", url: "https://bugzilla.suse.com/986086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "important", }, ], title: "CVE-2015-8779", }, { cve: "CVE-2016-0702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0702", }, ], notes: [ { category: "general", text: "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0702", url: "https://www.suse.com/security/cve/CVE-2016-0702", }, { category: "external", summary: "SUSE Bug 1007806 for CVE-2016-0702", url: "https://bugzilla.suse.com/1007806", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0702", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968050 for CVE-2016-0702", url: "https://bugzilla.suse.com/968050", }, { category: "external", summary: "SUSE Bug 971238 for CVE-2016-0702", url: "https://bugzilla.suse.com/971238", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0702", url: "https://bugzilla.suse.com/990370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "important", }, ], title: "CVE-2016-0702", }, { cve: "CVE-2016-0703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0703", }, ], notes: [ { category: "general", text: "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0703", url: "https://www.suse.com/security/cve/CVE-2016-0703", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0703", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2016-0703", url: "https://bugzilla.suse.com/968046", }, { category: "external", summary: "SUSE Bug 968051 for CVE-2016-0703", url: "https://bugzilla.suse.com/968051", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2016-0703", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "moderate", }, ], title: "CVE-2016-0703", }, { cve: "CVE-2016-0704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0704", }, ], notes: [ { category: "general", text: "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0704", url: "https://www.suse.com/security/cve/CVE-2016-0704", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0704", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968053 for CVE-2016-0704", url: "https://bugzilla.suse.com/968053", }, { category: "external", summary: "SUSE Bug 986238 for CVE-2016-0704", url: "https://bugzilla.suse.com/986238", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "moderate", }, ], title: "CVE-2016-0704", }, { cve: "CVE-2016-0705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0705", }, ], notes: [ { category: "general", text: "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0705", url: "https://www.suse.com/security/cve/CVE-2016-0705", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0705", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968047 for CVE-2016-0705", url: "https://bugzilla.suse.com/968047", }, { category: "external", summary: "SUSE Bug 971238 for CVE-2016-0705", url: "https://bugzilla.suse.com/971238", }, { category: "external", summary: "SUSE Bug 976341 for CVE-2016-0705", url: "https://bugzilla.suse.com/976341", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "critical", }, ], title: "CVE-2016-0705", }, { cve: "CVE-2016-0755", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0755", }, ], notes: [ { category: "general", text: "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0755", url: "https://www.suse.com/security/cve/CVE-2016-0755", }, { category: "external", summary: "SUSE Bug 962983 for CVE-2016-0755", url: "https://bugzilla.suse.com/962983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "moderate", }, ], title: "CVE-2016-0755", }, { cve: "CVE-2016-0797", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0797", }, ], notes: [ { category: "general", text: "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0797", url: "https://www.suse.com/security/cve/CVE-2016-0797", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0797", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968048 for CVE-2016-0797", url: "https://bugzilla.suse.com/968048", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0797", url: "https://bugzilla.suse.com/990370", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "important", }, ], title: "CVE-2016-0797", }, { cve: "CVE-2016-0799", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0799", }, ], notes: [ { category: "general", text: "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0799", url: "https://www.suse.com/security/cve/CVE-2016-0799", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0799", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968374 for CVE-2016-0799", url: "https://bugzilla.suse.com/968374", }, { category: "external", summary: "SUSE Bug 969517 for CVE-2016-0799", url: "https://bugzilla.suse.com/969517", }, { category: "external", summary: "SUSE Bug 989345 for CVE-2016-0799", url: "https://bugzilla.suse.com/989345", }, { category: "external", summary: "SUSE Bug 990370 for CVE-2016-0799", url: "https://bugzilla.suse.com/990370", }, { category: "external", summary: "SUSE Bug 991722 for CVE-2016-0799", url: "https://bugzilla.suse.com/991722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "low", }, ], title: "CVE-2016-0799", }, { cve: "CVE-2016-0800", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0800", }, ], notes: [ { category: "general", text: "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0800", url: "https://www.suse.com/security/cve/CVE-2016-0800", }, { category: "external", summary: "SUSE Bug 1106871 for CVE-2016-0800", url: "https://bugzilla.suse.com/1106871", }, { category: "external", summary: "SUSE Bug 961377 for CVE-2016-0800", url: "https://bugzilla.suse.com/961377", }, { category: "external", summary: "SUSE Bug 968044 for CVE-2016-0800", url: "https://bugzilla.suse.com/968044", }, { category: "external", summary: "SUSE Bug 968046 for CVE-2016-0800", url: "https://bugzilla.suse.com/968046", }, { category: "external", summary: "SUSE Bug 968888 for CVE-2016-0800", url: "https://bugzilla.suse.com/968888", }, { category: "external", summary: "SUSE Bug 969591 for CVE-2016-0800", url: "https://bugzilla.suse.com/969591", }, { category: "external", summary: "SUSE Bug 979060 for CVE-2016-0800", url: "https://bugzilla.suse.com/979060", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x", "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-03-15T17:01:49Z", details: "moderate", }, ], title: "CVE-2016-0800", }, ], }
cve-2016-0702
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:03.570Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { name: "openSUSE-SU-2016:1242", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html", }, { name: "SUSE-SU-2016:1267", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "USN-2914-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:1360", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "DSA-3500", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "SUSE-SU-2016:1290", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html", }, { name: "openSUSE-SU-2016:1273", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { tags: [ "x_transferred", ], url: "http://cachebleed.info", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { name: "openSUSE-SU-2016:1242", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html", }, { name: "SUSE-SU-2016:1267", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "USN-2914-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:1360", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "DSA-3500", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "SUSE-SU-2016:1290", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html", }, { name: "openSUSE-SU-2016:1273", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { url: "http://cachebleed.info", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0702", datePublished: "2016-03-03T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:03.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0800
Vulnerability from cvelistv5
Published
2016-03-01 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10154", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/drown", }, { name: "HPSBMU03573", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=146133665209436&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20160301-0001/", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { tags: [ "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "VU#583776", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/583776", }, { tags: [ "x_transferred", ], url: "https://drownattack.com", }, { tags: [ "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554", }, { name: "83733", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83733", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "RHSA-2016:1519", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1519.html", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722", }, { tags: [ "x_transferred", ], url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { tags: [ "x_transferred", ], url: "http://support.citrix.com/article/CTX208403", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10154", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { url: "https://access.redhat.com/security/vulnerabilities/drown", }, { name: "HPSBMU03573", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=146133665209436&w=2", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05307589", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-openssl-en", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { url: "https://security.netapp.com/advisory/ntap-20160301-0001/", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "VU#583776", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/583776", }, { url: "https://drownattack.com", }, { url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554", }, { name: "83733", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83733", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "RHSA-2016:1519", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1519.html", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722", }, { url: "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { url: "http://support.citrix.com/article/CTX208403", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdf", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0800", datePublished: "2016-03-01T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8778
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18240", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "83275", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83275", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-05T01:06:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18240", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "83275", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83275", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-8778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:0471", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=18240", refsource: "CONFIRM", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18240", }, { name: "SUSE-SU-2016:0470", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", refsource: "MLIST", url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "DSA-3480", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "83275", refsource: "BID", url: "http://www.securityfocus.com/bid/83275", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Sep/7", }, { name: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-8778", datePublished: "2016-04-19T21:00:00", dateReserved: "2016-01-19T00:00:00", dateUpdated: "2024-08-06T08:29:21.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9761
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:55:04.586Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83306", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83306", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=16962", }, { name: "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Jun/18", }, { name: "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/14", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-05T01:06:06", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83306", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83306", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=16962", }, { name: "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Jun/18", }, { name: "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/14", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-9761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:0471", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "openSUSE-SU-2016:0510", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-11", }, { name: "SUSE-SU-2016:0472", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", refsource: "MLIST", url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83306", refsource: "BID", url: "http://www.securityfocus.com/bid/83306", }, { name: "USN-2985-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=16962", refsource: "CONFIRM", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=16962", }, { name: "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Jun/18", }, { name: "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/14", }, { name: "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Sep/7", }, { name: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-9761", datePublished: "2016-04-19T21:00:00", dateReserved: "2016-01-19T00:00:00", dateUpdated: "2024-08-06T13:55:04.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0799
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "83755", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83755", }, { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "RHSA-2016:2073", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "USN-2914-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { name: "DSA-3500", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { name: "RHSA-2016:0996", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "RHSA-2016:0722", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "83755", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83755", }, { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", }, { name: "RHSA-2016:2073", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "USN-2914-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { name: "DSA-3500", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { name: "RHSA-2016:0996", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "RHSA-2016:0722", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0799", datePublished: "2016-03-03T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6908
Vulnerability from cvelistv5
Published
2015-09-11 16:00
Modified
2024-08-06 07:36
Severity ?
EPSS score ?
Summary
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:36:34.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "76714", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76714", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205637", }, { name: "openSUSE-SU-2016:0255", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { name: "SUSE-SU-2016:0224", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629", }, { name: "DSA-3356", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3356", }, { name: "APPLE-SA-2015-12-08-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "USN-2742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2742-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240", }, { name: "RHSA-2015:1840", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1840.html", }, { name: "1033534", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033534", }, { name: "openSUSE-SU-2016:0261", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { name: "SUSE-SU-2016:0262", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { name: "openSUSE-SU-2016:0226", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-09T00:00:00", descriptions: [ { lang: "en", value: "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-20T16:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "76714", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76714", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205637", }, { name: "openSUSE-SU-2016:0255", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { name: "SUSE-SU-2016:0224", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629", }, { name: "DSA-3356", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3356", }, { name: "APPLE-SA-2015-12-08-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "USN-2742-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2742-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240", }, { name: "RHSA-2015:1840", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1840.html", }, { name: "1033534", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033534", }, { name: "openSUSE-SU-2016:0261", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { name: "SUSE-SU-2016:0262", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { name: "openSUSE-SU-2016:0226", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2015-6908", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "76714", refsource: "BID", url: "http://www.securityfocus.com/bid/76714", }, { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf", refsource: "CONFIRM", url: "http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf", }, { name: "https://support.apple.com/HT205637", refsource: "CONFIRM", url: "https://support.apple.com/HT205637", }, { name: "openSUSE-SU-2016:0255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html", }, { name: "SUSE-SU-2016:0224", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html", }, { name: "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629", refsource: "CONFIRM", url: "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629", }, { name: "DSA-3356", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3356", }, { name: "APPLE-SA-2015-12-08-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "USN-2742-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2742-1", }, { name: "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240", refsource: "CONFIRM", url: "http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240", }, { name: "RHSA-2015:1840", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1840.html", }, { name: "1033534", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033534", }, { name: "openSUSE-SU-2016:0261", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html", }, { name: "SUSE-SU-2016:0262", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html", }, { name: "openSUSE-SU-2016:0226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2015-6908", datePublished: "2015-09-11T16:00:00", dateReserved: "2015-09-11T00:00:00", dateUpdated: "2024-08-06T07:36:34.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8777
Vulnerability from cvelistv5
Published
2016-01-20 02:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.801Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "81469", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/81469", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", }, { name: "FEDORA-2016-0480defc94", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "1034811", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034811", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-05T00:00:00", descriptions: [ { lang: "en", value: "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { tags: [ "x_refsource_MISC", ], url: "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "81469", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/81469", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", }, { name: "FEDORA-2016-0480defc94", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "1034811", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034811", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-8777", datePublished: "2016-01-20T02:00:00", dateReserved: "2016-01-19T00:00:00", dateUpdated: "2024-08-06T08:29:21.801Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0704
Vulnerability from cvelistv5
Published
2016-03-02 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:03.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "83764", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83764", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { tags: [ "x_transferred", ], url: "https://drownattack.com", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "83764", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83764", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { url: "https://drownattack.com", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0704", datePublished: "2016-03-02T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:03.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0797
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.030Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "83763", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83763", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "USN-2914-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "DSA-3500", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "83763", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83763", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "USN-2914-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "DSA-3500", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0797", datePublished: "2016-03-03T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.030Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7547
Vulnerability from cvelistv5
Published
2016-02-18 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035020", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035020", }, { name: "HPSBGN03582", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=146161017210491&w=2", }, { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "RHSA-2016:0175", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0175.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18665", }, { name: "HPSBGN03551", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145857691004892&w=2", }, { name: "RHSA-2016:0225", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0225.html", }, { name: "FEDORA-2016-0f9e9a34ce", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "USN-2900-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-2900-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "RHSA-2016:0277", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0277.html", }, { name: "openSUSE-SU-2016:0511", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20160217-0002/", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/len_5450", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2017-08", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0002.html", }, { name: "HPSBGN03549", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145672440608228&w=2", }, { name: "83265", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83265", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201602-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937", }, { name: "HPSBGN03547", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145596041017029&w=2", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "40339", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40339/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa114", }, { name: "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293532", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", }, { name: "RHSA-2016:0176", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0176.html", }, { name: "FEDORA-2016-0480defc94", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { name: "openSUSE-SU-2016:0512", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01", }, { name: "39454", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39454/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX206991", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en", }, { name: "VU#457759", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/457759", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/articles/2161461", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10150", }, { name: "HPSBGN03442", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145690841819314&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, { name: "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Sep/0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17", }, { name: "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Jun/36", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-20T18:06:34", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1035020", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035020", }, { name: "HPSBGN03582", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=146161017210491&w=2", }, { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "RHSA-2016:0175", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0175.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18665", }, { name: "HPSBGN03551", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145857691004892&w=2", }, { name: "RHSA-2016:0225", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0225.html", }, { name: "FEDORA-2016-0f9e9a34ce", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "USN-2900-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-2900-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "RHSA-2016:0277", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0277.html", }, { name: "openSUSE-SU-2016:0511", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html", }, { tags: [ "x_refsource_MISC", ], url: "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20160217-0002/", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/product_security/len_5450", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2017-08", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2016-0002.html", }, { name: "HPSBGN03549", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145672440608228&w=2", }, { name: "83265", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83265", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201602-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937", }, { name: "HPSBGN03547", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145596041017029&w=2", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "40339", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40339/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bto.bluecoat.com/security-advisory/sa114", }, { name: "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1293532", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html", }, { name: "RHSA-2016:0176", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0176.html", }, { name: "FEDORA-2016-0480defc94", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", }, { name: "openSUSE-SU-2016:0512", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01", }, { name: "39454", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39454/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX206991", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en", }, { name: "VU#457759", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/457759", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/2161461", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10150", }, { name: "HPSBGN03442", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=145690841819314&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, { name: "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Sep/0", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17", }, { name: "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2022/Jun/36", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7547", datePublished: "2016-02-18T21:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0705
Vulnerability from cvelistv5
Published
2016-03-03 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085", }, { tags: [ "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-05-01.html", }, { name: "RHSA-2018:2713", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2713", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88", }, { name: "openSUSE-SU-2016:1332", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2018:2575", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2575", }, { name: "USN-2914-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "RHSA-2018:2568", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2568", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { name: "DSA-3500", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { name: "83754", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83754", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2016-2802690366", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085", }, { url: "http://source.android.com/security/bulletin/2016-05-01.html", }, { name: "RHSA-2018:2713", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2713", }, { name: "FEDORA-2016-e6807b3394", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html", }, { name: "HPSBMU03575", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=146108058503441&w=2", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88", }, { name: "openSUSE-SU-2016:1332", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617", }, { name: "HPSBGN03563", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145889460330120&w=2", }, { name: "HPSBGN03569", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145983526810210&w=2", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "RHSA-2018:2575", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2575", }, { name: "USN-2914-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2914-1", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { name: "openSUSE-SU-2016:1566", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", }, { name: "RHSA-2018:2568", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2568", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { name: "DSA-3500", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3500", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "openSUSE-SU-2016:0627", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990", }, { name: "83754", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83754", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0705", datePublished: "2016-03-03T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:04.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0755
Vulnerability from cvelistv5
Published
2016-01-29 20:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:04.298Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2016-57bebab3b6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", }, { name: "openSUSE-SU-2016:0360", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", }, { name: "FEDORA-2016-3fa315a5dd", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", }, { name: "APPLE-SA-2016-09-20", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://curl.haxx.se/docs/adv_20160127A.html", }, { name: "SSA:2016-039-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965", }, { name: "DSA-3455", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3455", }, { name: "openSUSE-SU-2016:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "82307", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/82307", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207170", }, { name: "openSUSE-SU-2016:0373", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", }, { name: "1034882", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034882", }, { name: "FEDORA-2016-5a141de5d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", }, { name: "USN-2882-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2882-1", }, { name: "GLSA-201701-47", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-47", }, { name: "FEDORA-2016-55137a3adb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-27T00:00:00", descriptions: [ { lang: "en", value: "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2016-57bebab3b6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", }, { name: "openSUSE-SU-2016:0360", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", }, { name: "FEDORA-2016-3fa315a5dd", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", }, { name: "APPLE-SA-2016-09-20", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://curl.haxx.se/docs/adv_20160127A.html", }, { name: "SSA:2016-039-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965", }, { name: "DSA-3455", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3455", }, { name: "openSUSE-SU-2016:0376", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "82307", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/82307", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207170", }, { name: "openSUSE-SU-2016:0373", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", }, { name: "1034882", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034882", }, { name: "FEDORA-2016-5a141de5d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", }, { name: "USN-2882-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2882-1", }, { name: "GLSA-201701-47", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201701-47", }, { name: "FEDORA-2016-55137a3adb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2016-57bebab3b6", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", }, { name: "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", }, { name: "openSUSE-SU-2016:0360", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", }, { name: "FEDORA-2016-3fa315a5dd", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", }, { name: "APPLE-SA-2016-09-20", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", }, { name: "http://curl.haxx.se/docs/adv_20160127A.html", refsource: "CONFIRM", url: "http://curl.haxx.se/docs/adv_20160127A.html", }, { name: "SSA:2016-039-01", refsource: "SLACKWARE", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965", }, { name: "DSA-3455", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3455", }, { name: "openSUSE-SU-2016:0376", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "82307", refsource: "BID", url: "http://www.securityfocus.com/bid/82307", }, { name: "https://support.apple.com/HT207170", refsource: "CONFIRM", url: "https://support.apple.com/HT207170", }, { name: "openSUSE-SU-2016:0373", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", }, { name: "1034882", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034882", }, { name: "FEDORA-2016-5a141de5d9", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", }, { name: "USN-2882-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2882-1", }, { name: "GLSA-201701-47", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-47", }, { name: "FEDORA-2016-55137a3adb", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0755", datePublished: "2016-01-29T20:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:04.298Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8776
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83277", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/83277", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18985", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83277", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/83277", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18985", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-8776", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:0471", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", refsource: "MLIST", url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "83277", refsource: "BID", url: "http://www.securityfocus.com/bid/83277", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=18985", refsource: "CONFIRM", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=18985", }, { name: "DSA-3480", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "USN-2985-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-8776", datePublished: "2016-04-19T21:00:00", dateReserved: "2016-01-19T00:00:00", dateUpdated: "2024-08-06T08:29:21.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0703
Vulnerability from cvelistv5
Published
2016-03-02 00:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:03.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "83743", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/83743", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { tags: [ "x_transferred", ], url: "https://drownattack.com", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201603-15", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-01T00:00:00", descriptions: [ { lang: "en", value: "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "83743", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/83743", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { name: "FreeBSD-SA-16:12", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168", }, { url: "https://drownattack.com", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=ae50d8270026edf5b3c7f8aaa0c6677462b33d97", }, { url: "http://openssl.org/news/secadv/20160301.txt", }, { name: "20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "https://www.openssl.org/news/secadv/20160301.txt", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "GLSA-201603-15", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201603-15", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { name: "1035133", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1035133", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0703", datePublished: "2016-03-02T00:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:03.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8779
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:22.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "82244", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/82244", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=17905", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-19T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-05T01:06:06", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SU-2016:0471", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "82244", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/82244", }, { name: "DSA-3480", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3480", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=17905", }, { name: "USN-2985-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Sep/7", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-8779", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SU-2016:0471", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", }, { name: "FEDORA-2016-68abc0be35", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", }, { name: "RHSA-2017:1916", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1916", }, { name: "DSA-3481", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3481", }, { name: "openSUSE-SU-2016:0510", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html", }, { name: "SUSE-SU-2016:0470", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", }, { name: "RHSA-2017:0680", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0680.html", }, { name: "USN-2985-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-2", }, { name: "[oss-security] 20160119 Re: CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/20/1", }, { name: "GLSA-201702-11", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201702-11", }, { name: "GLSA-201602-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201602-02", }, { name: "SUSE-SU-2016:0472", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", }, { name: "SUSE-SU-2016:0473", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", }, { name: "[libc-alpha] 20160219 The GNU C Library version 2.23 is now available", refsource: "MLIST", url: "https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html", }, { name: "[oss-security] 20160119 CVE assignment request for security bugs fixed in glibc 2.23", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/19/11", }, { name: "82244", refsource: "BID", url: "http://www.securityfocus.com/bid/82244", }, { name: "DSA-3480", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3480", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=17905", refsource: "CONFIRM", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=17905", }, { name: "USN-2985-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2985-1", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Sep/7", }, { name: "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Sep/7", }, { name: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-8779", datePublished: "2016-04-19T21:00:00", dateReserved: "2016-01-19T00:00:00", dateUpdated: "2024-08-06T08:29:22.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3197
Vulnerability from cvelistv5
Published
2016-02-15 00:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "FEDORA-2016-527018d2ff", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "1034849", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034849", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "http://www.openssl.org/news/secadv/20160128.txt", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", }, { name: "GLSA-201601-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201601-05", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "VU#257823", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/257823", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "82237", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/82237", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "FreeBSD-SA-16:11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-28T00:00:00", descriptions: [ { lang: "en", value: "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "FEDORA-2016-527018d2ff", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "openSUSE-SU-2016:0638", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "openSUSE-SU-2016:1239", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html", }, { name: "SUSE-SU-2016:0621", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html", }, { name: "1034849", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034849", }, { name: "openSUSE-SU-2016:0640", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "http://www.openssl.org/news/secadv/20160128.txt", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "SUSE-SU-2016:1057", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893", }, { name: "GLSA-201601-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201601-05", }, { name: "openSUSE-SU-2016:1241", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html", }, { name: "openSUSE-SU-2016:0720", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us", }, { name: "SUSE-SU-2016:0624", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html", }, { name: "SUSE-SU-2016:0631", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "91787", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "SUSE-SU-2016:0617", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html", }, { name: "VU#257823", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/257823", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "openSUSE-SU-2016:0628", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "82237", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/82237", }, { name: "SUSE-SU-2016:0678", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html", }, { name: "SUSE-SU-2016:0620", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html", }, { name: "openSUSE-SU-2016:0637", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html", }, { name: "SUSE-SU-2016:0641", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "FreeBSD-SA-16:11", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3197", datePublished: "2016-02-15T00:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.