CVE-2016-0797 - Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attac

CVE-2016-0797

Summary

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc1:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc1:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc2:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc2:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc3:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc3:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc4:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc4:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc5:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.0.0:rc5:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-12-2022 - 12:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2016:2957

rpms

openssl-0:1.0.1e-42.el6_7.4
openssl-1:1.0.1e-51.el7_2.4
openssl-debuginfo-0:1.0.1e-42.el6_7.4
openssl-debuginfo-1:1.0.1e-51.el7_2.4
openssl-devel-0:1.0.1e-42.el6_7.4
openssl-devel-1:1.0.1e-51.el7_2.4
openssl-libs-1:1.0.1e-51.el7_2.4
openssl-perl-0:1.0.1e-42.el6_7.4
openssl-perl-1:1.0.1e-51.el7_2.4
openssl-static-0:1.0.1e-42.el6_7.4
openssl-static-1:1.0.1e-51.el7_2.4
openssl-0:0.9.8e-39.el5_11
openssl-debuginfo-0:0.9.8e-39.el5_11
openssl-devel-0:0.9.8e-39.el5_11
openssl-perl-0:0.9.8e-39.el5_11
rhev-hypervisor7-0:7.2-20160302.1.el6ev
rhev-hypervisor7-0:7.2-20160302.1.el7ev

refmap via4

bid	83763 91787
cisco	20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
confirm	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://openssl.org/news/secadv/20160301.txt http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://git.openssl.org/?p=openssl.git;a=commit;h=c175308407858afff3fc8c2e5e085d94d12edc7d https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168 https://kc.mcafee.com/corporate/index?page=content&id=SB10156 https://www.openssl.org/news/secadv/20160301.txt
debian	DSA-3500
freebsd	FreeBSD-SA-16:12
gentoo	GLSA-201603-15
hp	HPSBGN03563
sectrack	1035133
suse	SUSE-SU-2016:0617 SUSE-SU-2016:0620 SUSE-SU-2016:0621 SUSE-SU-2016:0624 SUSE-SU-2016:0631 SUSE-SU-2016:0641 SUSE-SU-2016:0678 SUSE-SU-2016:1057 openSUSE-SU-2016:0627 openSUSE-SU-2016:0628 openSUSE-SU-2016:0637 openSUSE-SU-2016:0638 openSUSE-SU-2016:0640 openSUSE-SU-2016:0720 openSUSE-SU-2016:1239 openSUSE-SU-2016:1241 openSUSE-SU-2016:1566
ubuntu	USN-2914-1

Last major update

13-12-2022 - 12:15

Published

03-03-2016 - 20:59

Last modified

13-12-2022 - 12:15