ID CVE-2016-2182
Summary The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*
    cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*
  • cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*
    cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*
  • cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 14-07-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2016:1940
  • rhsa
    id RHSA-2018:2185
  • rhsa
    id RHSA-2018:2186
  • rhsa
    id RHSA-2018:2187
rpms
  • openssl-1:1.0.1e-51.el7_2.7
  • openssl-devel-1:1.0.1e-51.el7_2.7
  • openssl-libs-1:1.0.1e-51.el7_2.7
  • openssl-perl-1:1.0.1e-51.el7_2.7
  • openssl-static-1:1.0.1e-51.el7_2.7
  • openssl-0:1.0.1e-48.el6_8.3
  • openssl-devel-0:1.0.1e-48.el6_8.3
  • openssl-perl-0:1.0.1e-48.el6_8.3
  • openssl-static-0:1.0.1e-48.el6_8.3
refmap via4
bid 92557
confirm
freebsd FreeBSD-SA-16:26
sectrack
  • 1036688
  • 1037968
Last major update 14-07-2018 - 01:29
Published 16-09-2016 - 05:59
Back to Top