7.5

CVE-2016-0797

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2 Updatebeta2
OpenSSLOpenSSL Version1.0.2 Updatebeta3
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
NodejsNode.Js SwEdition- Version >= 4.0.0 < 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.3.2
NodejsNode.Js Version >= 5.0.0 < 5.7.1
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.02% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Third Party Advisory
Mailing List
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
Third Party Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
Third Party Advisory
Mailing List
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
Third Party Advisory
Mailing List
https://kc.mcafee.com/corporate/index?page=content&id=SB10156
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
Third Party Advisory
Mailing List
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Third Party Advisory
http://www.securitytracker.com/id/1035133
Third Party Advisory
VDB Entry
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
Third Party Advisory
https://security.gentoo.org/glsa/201603-15
Third Party Advisory
https://www.openssl.org/news/secadv/20160301.txt
Vendor Advisory
http://openssl.org/news/secadv/20160301.txt
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=145889460330120&w=2
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3500
Third Party Advisory
http://www.ubuntu.com/usn/USN-2914-1
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
Third Party Advisory
http://www.securityfocus.com/bid/83763
Third Party Advisory
VDB Entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d