5.9

CVE-2016-6306

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.1s
OpenSSLOpenSSL Version1.0.1t
HpIcewall Federation Agent Version3.0
HpIcewall Mcrp Version3.0
HpIcewall Sso Version10.0 SwEditioncertd
HpIcewall Sso Version10.0 SwEditiondfw
HpIcewall Sso Agent Option Version10.0
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2 Updatebeta2
OpenSSLOpenSSL Version1.0.2 Updatebeta3
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2h
NodejsNode.Js SwEdition- Version >= 0.10.0 < 0.10.47
NodejsNode.Js SwEdition- Version >= 0.12.0 < 0.12.16
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.6.0
NodejsNode.Js SwEdition- Version >= 5.0.0 <= 5.12.0
NodejsNode.Js SwEdition- Version >= 6.0.0 < 6.7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 41.68% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://www.tenable.com/security/tns-2016-20
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Third Party Advisory
https://security.gentoo.org/glsa/201612-16
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-1940.html
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Jul/31
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3673
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-2
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Third Party Advisory
https://www.tenable.com/security/tns-2016-16
Third Party Advisory
https://www.tenable.com/security/tns-2016-21
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
Third Party Advisory
Mailing List
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2185
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2186
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2187
Third Party Advisory
http://www.securitytracker.com/id/1036885
Third Party Advisory
VDB Entry
https://www.openssl.org/news/secadv/20160922.txt
Vendor Advisory
http://www.securityfocus.com/bid/93153
Third Party Advisory
VDB Entry
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
https://support.f5.com/csp/article/K90492697
Third Party Advisory