cvelistv5 - cve-2016-7053

CVE-2016-7053 (GCVE-0-2016-7053)

Vulnerability from cvelistv5

Published

2017-05-04 19:00

Modified

2024-09-16 20:52

Severity ?

CWE

NULL pointer deference

Summary

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

References

URL

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: openssl-1.1.0 Version: openssl-1.1.0a Version: openssl-1.1.0b

WID-SEC-W-2024-0208

Vulnerability from csaf_certbund

Published

2016-11-10 23:00

Modified

2024-01-29 23:00

Summary

OpenSSL: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - CISCO Appliance - Juniper Appliance - Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0208 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0208.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0208 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0208"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2016-11-10",
        "url": "http://www.openssl.org/news/secadv/20161110.txt"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-20161114-openssl  vom 2016-11-20",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA135 vom 2016-12-01",
        "url": "https://bto.bluecoat.com/security-advisory/sa135"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3181-1 vom 2017-01-31",
        "url": "http://www.ubuntu.com/usn/usn-3181-1/"
      },
      {
        "category": "external",
        "summary": "Tenable Advisory ID: TNS-2017-03",
        "url": "https://www.tenable.com/security/tns-2017-03"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K43570545 vom 2017-02-03",
        "url": "https://support.f5.com/csp/article/K43570545"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0431-1 vom 2017-02-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0441-1 vom 2017-02-11",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1.html"
      },
      {
        "category": "external",
        "summary": "NetApp Advisory NTAP-20170127-0001",
        "url": "https://kb.netapp.com/support/s/article/ka51A00000007AWQAY/NTAP-20170127-0001?language=en_US"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory: FreeBSD-SA-17:02.openssl",
        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0855-1 vom 2017-03-29",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1.html"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-206 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-206.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-205 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-205.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-207 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-207.htm"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF03744",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA10775 vom 2017-07-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13",
        "url": "https://access.redhat.com/errata/RHSA-2018:2185"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs OpenSSL Security Advisory",
        "url": "https://fortiguard.com/psirt/FG-IR-17-019"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA10990 vom 2020-01-08",
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026actp=RSS"
      },
      {
        "category": "external",
        "summary": "Dell Knowledge Base Article",
        "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:04:20.107+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0208",
      "initial_release_date": "2016-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-31T23:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-12T23:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-02-22T23:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-03T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "20",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-07-12T22:00:00.000+00:00",
          "number": "23",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "24",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "25",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "27",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "28",
          "summary": "Added references"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-29T23:00:00.000+00:00",
          "number": "30",
          "summary": "Schreibfehler korrigiert"
        }
      ],
      "status": "final",
      "version": "30"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco IOS XR",
            "product": {
              "name": "Cisco IOS XR",
              "product_id": "2062",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios_xr:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Network Analysis Module",
            "product": {
              "name": "Cisco Network Analysis Module",
              "product_id": "2084",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:network_analysis_module:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Security Manager (CSM)",
            "product": {
              "name": "Cisco Security Manager (CSM)",
              "product_id": "95918",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:security_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence SX20",
            "product": {
              "name": "Cisco TelePresence SX20",
              "product_id": "T000641",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_sx20:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence Server",
            "product": {
              "name": "Cisco TelePresence Server",
              "product_id": "T001033",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:telepresence_server:2.2"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence System EX Series",
            "product": {
              "name": "Cisco TelePresence System EX Series",
              "product_id": "T000640",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_system_ex_series:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Manager (CUCM)",
            "product": {
              "name": "Cisco Unified Communications Manager (CUCM)",
              "product_id": "2142",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Enterprise",
            "product": {
              "name": "Cisco Unified Contact Center Enterprise",
              "product_id": "2143",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified IP Phone",
            "product": {
              "name": "Cisco Unified IP Phone",
              "product_id": "T001530",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_ip_phones:::9900_series"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Connection",
            "product": {
              "name": "Cisco Unity Connection",
              "product_id": "161504",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unity_connection:1.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Video Surveillance",
            "product": {
              "name": "Cisco Video Surveillance",
              "product_id": "64489",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:video_surveillance_ip_gateway_encoder_decoder:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Meetings Server",
            "product": {
              "name": "Cisco WebEx Meetings Server",
              "product_id": "T001160",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_meetings_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Wide Area Application Services",
            "product": {
              "name": "Cisco Wide Area Application Services",
              "product_id": "2186",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:wide_area_application_services:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.10",
            "product": {
              "name": "Dell NetWorker \u003c 19.10",
              "product_id": "T032354",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.10"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.6.0",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.6.0",
                  "product_id": "T010101",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.4.6",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.4.6",
                  "product_id": "T011155",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.4.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
            "product": {
              "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
              "product_id": "T009902",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:intelligent_management_center:7.3e0504p04"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp OnCommand Unified Manager",
            "product": {
              "name": "NetApp OnCommand Unified Manager",
              "product_id": "T009408",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenSSL \u003c 1.1.0c",
            "product": {
              "name": "Open Source OpenSSL \u003c 1.1.0c",
              "product_id": "T008912",
              "product_identification_helper": {
                "cpe": "cpe:/a:openssl:openssl:1.1.0c"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7053",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler bei der Verarbeitung von ASN.1 CHOICE Typen. Ein Angreifer kann dies durch \u00dcbermittlung geeignet gestalteter Daten f\u00fcr einen Denial of Service Angriff nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7053"
    },
    {
      "cve": "CVE-2016-7054",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle betrifft TSL Verbindungen, welche die *-CHACHA20-POLY1305 Ciphersuites nutzen. Ein Angreifer kann durch \u00dcbermitteln geeignet gestalteter Daten einen Denial of Service hervorrufen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "67646",
          "64489",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7054"
    },
    {
      "cve": "CVE-2016-7055",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler in der Broadwell-spezifischen Montgomery Multiplikations Prozedur. Ein Angreifer kann dieses zu einem Angriff mit unbekannten Answirkungen nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7055"
    }
  ]
}

wid-sec-w-2024-0208

Vulnerability from csaf_certbund

Published

2016-11-10 23:00

Modified

2024-01-29 23:00

Summary

OpenSSL: Mehrere Schwachstellen

Notes

Produktbeschreibung

OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - CISCO Appliance - Juniper Appliance - Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0208 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0208.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0208 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0208"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2016-11-10",
        "url": "http://www.openssl.org/news/secadv/20161110.txt"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-20161114-openssl  vom 2016-11-20",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA135 vom 2016-12-01",
        "url": "https://bto.bluecoat.com/security-advisory/sa135"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3181-1 vom 2017-01-31",
        "url": "http://www.ubuntu.com/usn/usn-3181-1/"
      },
      {
        "category": "external",
        "summary": "Tenable Advisory ID: TNS-2017-03",
        "url": "https://www.tenable.com/security/tns-2017-03"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K43570545 vom 2017-02-03",
        "url": "https://support.f5.com/csp/article/K43570545"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0431-1 vom 2017-02-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0441-1 vom 2017-02-11",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1.html"
      },
      {
        "category": "external",
        "summary": "NetApp Advisory NTAP-20170127-0001",
        "url": "https://kb.netapp.com/support/s/article/ka51A00000007AWQAY/NTAP-20170127-0001?language=en_US"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory: FreeBSD-SA-17:02.openssl",
        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0855-1 vom 2017-03-29",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1.html"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-206 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-206.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-205 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-205.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-207 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-207.htm"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF03744",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA10775 vom 2017-07-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13",
        "url": "https://access.redhat.com/errata/RHSA-2018:2185"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs OpenSSL Security Advisory",
        "url": "https://fortiguard.com/psirt/FG-IR-17-019"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA10990 vom 2020-01-08",
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026actp=RSS"
      },
      {
        "category": "external",
        "summary": "Dell Knowledge Base Article",
        "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:04:20.107+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0208",
      "initial_release_date": "2016-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-31T23:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-12T23:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-02-22T23:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-03T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "20",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-07-12T22:00:00.000+00:00",
          "number": "23",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "24",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "25",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "27",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "28",
          "summary": "Added references"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-29T23:00:00.000+00:00",
          "number": "30",
          "summary": "Schreibfehler korrigiert"
        }
      ],
      "status": "final",
      "version": "30"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco IOS XR",
            "product": {
              "name": "Cisco IOS XR",
              "product_id": "2062",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios_xr:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Network Analysis Module",
            "product": {
              "name": "Cisco Network Analysis Module",
              "product_id": "2084",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:network_analysis_module:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Security Manager (CSM)",
            "product": {
              "name": "Cisco Security Manager (CSM)",
              "product_id": "95918",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:security_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence SX20",
            "product": {
              "name": "Cisco TelePresence SX20",
              "product_id": "T000641",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_sx20:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence Server",
            "product": {
              "name": "Cisco TelePresence Server",
              "product_id": "T001033",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:telepresence_server:2.2"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence System EX Series",
            "product": {
              "name": "Cisco TelePresence System EX Series",
              "product_id": "T000640",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_system_ex_series:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Manager (CUCM)",
            "product": {
              "name": "Cisco Unified Communications Manager (CUCM)",
              "product_id": "2142",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Enterprise",
            "product": {
              "name": "Cisco Unified Contact Center Enterprise",
              "product_id": "2143",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified IP Phone",
            "product": {
              "name": "Cisco Unified IP Phone",
              "product_id": "T001530",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_ip_phones:::9900_series"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Connection",
            "product": {
              "name": "Cisco Unity Connection",
              "product_id": "161504",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unity_connection:1.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Video Surveillance",
            "product": {
              "name": "Cisco Video Surveillance",
              "product_id": "64489",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:video_surveillance_ip_gateway_encoder_decoder:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Meetings Server",
            "product": {
              "name": "Cisco WebEx Meetings Server",
              "product_id": "T001160",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_meetings_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Wide Area Application Services",
            "product": {
              "name": "Cisco Wide Area Application Services",
              "product_id": "2186",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:wide_area_application_services:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.10",
            "product": {
              "name": "Dell NetWorker \u003c 19.10",
              "product_id": "T032354",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.10"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.6.0",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.6.0",
                  "product_id": "T010101",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.4.6",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.4.6",
                  "product_id": "T011155",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.4.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
            "product": {
              "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
              "product_id": "T009902",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:intelligent_management_center:7.3e0504p04"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp OnCommand Unified Manager",
            "product": {
              "name": "NetApp OnCommand Unified Manager",
              "product_id": "T009408",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenSSL \u003c 1.1.0c",
            "product": {
              "name": "Open Source OpenSSL \u003c 1.1.0c",
              "product_id": "T008912",
              "product_identification_helper": {
                "cpe": "cpe:/a:openssl:openssl:1.1.0c"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7053",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler bei der Verarbeitung von ASN.1 CHOICE Typen. Ein Angreifer kann dies durch \u00dcbermittlung geeignet gestalteter Daten f\u00fcr einen Denial of Service Angriff nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7053"
    },
    {
      "cve": "CVE-2016-7054",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle betrifft TSL Verbindungen, welche die *-CHACHA20-POLY1305 Ciphersuites nutzen. Ein Angreifer kann durch \u00dcbermitteln geeignet gestalteter Daten einen Denial of Service hervorrufen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "67646",
          "64489",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7054"
    },
    {
      "cve": "CVE-2016-7055",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler in der Broadwell-spezifischen Montgomery Multiplikations Prozedur. Ein Angreifer kann dieses zu einem Angriff mit unbekannten Answirkungen nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00.000+00:00",
      "title": "CVE-2016-7055"
    }
  ]
}

ghsa-hp2v-mmp5-5mcx

Vulnerability from github

Published

2022-05-17 02:24

Modified

2022-05-17 02:24

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-04T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.",
  "id": "GHSA-hp2v-mmp5-5mcx",
  "modified": "2022-05-17T02:24:38Z",
  "published": "2022-05-17T02:24:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7053"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20161110.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94244"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-7053

Vulnerability from fkie_nvd

Published

2017-05-04 19:29

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
openssl-security@openssl.org	http://www.securityfocus.com/bid/94244	Third Party Advisory, VDB Entry
openssl-security@openssl.org	http://www.securitytracker.com/id/1037261
openssl-security@openssl.org	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
openssl-security@openssl.org	https://www.openssl.org/news/secadv/20161110.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94244	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037261
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
af854a3a-2127-422b-91ae-364da2661108	https://www.openssl.org/news/secadv/20161110.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	1.1.0
openssl	openssl	1.1.0a
openssl	openssl	1.1.0b

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."
    },
    {
      "lang": "es",
      "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las aplicaciones que analizan estructuras CMS inv\u00e1lidas pueden dejar de dar servicio por una referencia a puntero nulo. Esto se produce por un fallo en la gesti\u00f3n del tipo ASN.1 CHOICE en OpenSSL 1.1.0, lo que puede derivar en que un valor NULL sea enviado a la devoluci\u00f3n de la llamada si se intenta utilizar varias codificaciones inv\u00e1lidas. S\u00f3lo est\u00e1n afectadas estructuras CHOICE que utilicen una devoluci\u00f3n de llamada que no gestione valores NULL."
    }
  ],
  "id": "CVE-2016-7053",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-04T19:29:00.213",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94244"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "http://www.securitytracker.com/id/1037261"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20161110.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20161110.txt"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-11095

Vulnerability from cnvd

Title

OpenSSL空指针废弃拒绝服务漏洞

Description

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.1.0中存在空指针废弃造成的拒绝服务漏洞。攻击者可通过利用该漏洞造成拒绝服务（内存或CPU资源耗尽）。

Severity

中

Patch Name

OpenSSL空指针废弃拒绝服务漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.openssl.org/

Reference

https://www.openssl.org/news/secadv/20161110.txt

Impacted products

Name
OpenSSL OpenSSL 1.1.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94244"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7053"
    }
  },
  "description": "OpenSSL\u662fOpenSSL\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSL v2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLS v1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\uff0c\u5b83\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\r\n\r\nOpenSSL 1.1.0\u4e2d\u5b58\u5728\u7a7a\u6307\u9488\u5e9f\u5f03\u9020\u6210\u7684\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6216CPU\u8d44\u6e90\u8017\u5c3d\uff09\u3002",
  "discovererName": "Tyler Nighswander of ForAllSecure",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.openssl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11095",
  "openTime": "2016-11-15",
  "patchDescription": "OpenSSL\u662fOpenSSL\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u80fd\u591f\u5b9e\u73b0\u5b89\u5168\u5957\u63a5\u5c42\uff08SSL v2/v3\uff09\u548c\u5b89\u5168\u4f20\u8f93\u5c42\uff08TLS v1\uff09\u534f\u8bae\u7684\u901a\u7528\u52a0\u5bc6\u5e93\uff0c\u5b83\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u5bc6\u7801\u3001\u54c8\u5e0c\u7b97\u6cd5\u3001\u5b89\u5168\u6563\u5217\u7b97\u6cd5\u7b49\u3002\r\n\r\nOpenSSL 1.1.0\u4e2d\u5b58\u5728\u7a7a\u6307\u9488\u5e9f\u5f03\u9020\u6210\u7684\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6216CPU\u8d44\u6e90\u8017\u5c3d\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OpenSSL\u7a7a\u6307\u9488\u5e9f\u5f03\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "OpenSSL  OpenSSL 1.1.0"
  },
  "referenceLink": "https://www.openssl.org/news/secadv/20161110.txt",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-14",
  "title": "OpenSSL\u7a7a\u6307\u9488\u5e9f\u5f03\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

gsd-2016-7053

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-7053

Aliases

CVE-2016-7053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7053",
    "description": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.",
    "id": "GSD-2016-7053",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7053.html",
      "https://security.archlinux.org/CVE-2016-7053"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7053"
      ],
      "details": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.",
      "id": "GSD-2016-7053",
      "modified": "2023-12-13T01:21:20.517109Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "openssl-security@openssl.org",
        "DATE_PUBLIC": "2016-11-10",
        "ID": "CVE-2016-7053",
        "STATE": "PUBLIC",
        "TITLE": "CMS Null dereference"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenSSL",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "openssl-1.1.0"
                        },
                        {
                          "version_value": "openssl-1.1.0a"
                        },
                        {
                          "version_value": "openssl-1.1.0b"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OpenSSL"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Tyler Nighswander (ForAllSecure)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."
          }
        ]
      },
      "impact": [
        {
          "lang": "eng",
          "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
          "value": "Moderate"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "NULL pointer deference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
          },
          {
            "name": "94244",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94244"
          },
          {
            "name": "https://www.openssl.org/news/secadv/20161110.txt",
            "refsource": "CONFIRM",
            "url": "https://www.openssl.org/news/secadv/20161110.txt"
          },
          {
            "name": "1037261",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037261"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "ID": "CVE-2016-7053"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv/20161110.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.openssl.org/news/secadv/20161110.txt"
            },
            {
              "name": "94244",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94244"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
            },
            {
              "name": "1037261",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037261"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-28T01:29Z",
      "publishedDate": "2017-05-04T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-7053 (GCVE-0-2016-7053)

Vulnerability from cvelistv5

WID-SEC-W-2024-0208

Vulnerability from csaf_certbund

wid-sec-w-2024-0208

Vulnerability from csaf_certbund

ghsa-hp2v-mmp5-5mcx

Vulnerability from github

fkie_cve-2016-7053

Vulnerability from fkie_nvd

cnvd-2016-11095

Vulnerability from cnvd

gsd-2016-7053

Vulnerability from gsd

Tags

Sightings

Nomenclature