csaf_suse - suse-su-2016:1206-1

Vulnerability from csaf_suse

Published

2016-05-03 16:38

Modified

2016-05-03 16:38

Summary

Security update for openssl1

Notes

Title of the patch

Security update for openssl1

Description of the patch

This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root Certificate hashes - bsc#889013: Rename README.SuSE to the new spelling README.SUSE - bsc#976943: Fixed a buffer overrun in ASN1_parse. - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)

Patchnames

secsp3-openssl1-12539

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for openssl1",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "\nThis update for openssl1 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\nBugs fixed:\n- bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root\n  Certificate hashes\n- bsc#889013: Rename README.SuSE to the new spelling README.SUSE\n- bsc#976943: Fixed a buffer overrun in ASN1_parse.\n- bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "secsp3-openssl1-12539",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1206-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2016:1206-1",
            url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161206-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2016:1206-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002038.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 889013",
            url: "https://bugzilla.suse.com/889013",
         },
         {
            category: "self",
            summary: "SUSE Bug 971354",
            url: "https://bugzilla.suse.com/971354",
         },
         {
            category: "self",
            summary: "SUSE Bug 976942",
            url: "https://bugzilla.suse.com/976942",
         },
         {
            category: "self",
            summary: "SUSE Bug 976943",
            url: "https://bugzilla.suse.com/976943",
         },
         {
            category: "self",
            summary: "SUSE Bug 977614",
            url: "https://bugzilla.suse.com/977614",
         },
         {
            category: "self",
            summary: "SUSE Bug 977615",
            url: "https://bugzilla.suse.com/977615",
         },
         {
            category: "self",
            summary: "SUSE Bug 977616",
            url: "https://bugzilla.suse.com/977616",
         },
         {
            category: "self",
            summary: "SUSE Bug 977617",
            url: "https://bugzilla.suse.com/977617",
         },
         {
            category: "self",
            summary: "SUSE Bug 977621",
            url: "https://bugzilla.suse.com/977621",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2105 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2105/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2106 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2106/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2107 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2107/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2108 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2108/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2109 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2109/",
         },
      ],
      title: "Security update for openssl1",
      tracking: {
         current_release_date: "2016-05-03T16:38:12Z",
         generator: {
            date: "2016-05-03T16:38:12Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2016:1206-1",
         initial_release_date: "2016-05-03T16:38:12Z",
         revision_history: [
            {
               date: "2016-05-03T16:38:12Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl1-devel-1.0.1g-0.47.1.i586",
                        product: {
                           name: "libopenssl1-devel-1.0.1g-0.47.1.i586",
                           product_id: "libopenssl1-devel-1.0.1g-0.47.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-1.0.1g-0.47.1.i586",
                        product: {
                           name: "libopenssl1_0_0-1.0.1g-0.47.1.i586",
                           product_id: "libopenssl1_0_0-1.0.1g-0.47.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-1.0.1g-0.47.1.i586",
                        product: {
                           name: "openssl1-1.0.1g-0.47.1.i586",
                           product_id: "openssl1-1.0.1g-0.47.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-doc-1.0.1g-0.47.1.i586",
                        product: {
                           name: "openssl1-doc-1.0.1g-0.47.1.i586",
                           product_id: "openssl1-doc-1.0.1g-0.47.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl1-devel-1.0.1g-0.47.1.ia64",
                        product: {
                           name: "libopenssl1-devel-1.0.1g-0.47.1.ia64",
                           product_id: "libopenssl1-devel-1.0.1g-0.47.1.ia64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                        product: {
                           name: "libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                           product_id: "libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                        product: {
                           name: "libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                           product_id: "libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-1.0.1g-0.47.1.ia64",
                        product: {
                           name: "openssl1-1.0.1g-0.47.1.ia64",
                           product_id: "openssl1-1.0.1g-0.47.1.ia64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-doc-1.0.1g-0.47.1.ia64",
                        product: {
                           name: "openssl1-doc-1.0.1g-0.47.1.ia64",
                           product_id: "openssl1-doc-1.0.1g-0.47.1.ia64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ia64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                        product: {
                           name: "libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                           product_id: "libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                        product: {
                           name: "libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                           product_id: "libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                        product: {
                           name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                           product_id: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-1.0.1g-0.47.1.ppc64",
                        product: {
                           name: "openssl1-1.0.1g-0.47.1.ppc64",
                           product_id: "openssl1-1.0.1g-0.47.1.ppc64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-doc-1.0.1g-0.47.1.ppc64",
                        product: {
                           name: "openssl1-doc-1.0.1g-0.47.1.ppc64",
                           product_id: "openssl1-doc-1.0.1g-0.47.1.ppc64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl1-devel-1.0.1g-0.47.1.s390x",
                        product: {
                           name: "libopenssl1-devel-1.0.1g-0.47.1.s390x",
                           product_id: "libopenssl1-devel-1.0.1g-0.47.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                        product: {
                           name: "libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                           product_id: "libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                        product: {
                           name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                           product_id: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-1.0.1g-0.47.1.s390x",
                        product: {
                           name: "openssl1-1.0.1g-0.47.1.s390x",
                           product_id: "openssl1-1.0.1g-0.47.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-doc-1.0.1g-0.47.1.s390x",
                        product: {
                           name: "openssl1-doc-1.0.1g-0.47.1.s390x",
                           product_id: "openssl1-doc-1.0.1g-0.47.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                        product: {
                           name: "libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                           product_id: "libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                        product: {
                           name: "libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                           product_id: "libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                        product: {
                           name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                           product_id: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-1.0.1g-0.47.1.x86_64",
                        product: {
                           name: "openssl1-1.0.1g-0.47.1.x86_64",
                           product_id: "openssl1-1.0.1g-0.47.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl1-doc-1.0.1g-0.47.1.x86_64",
                        product: {
                           name: "openssl1-doc-1.0.1g-0.47.1.x86_64",
                           product_id: "openssl1-doc-1.0.1g-0.47.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Server 11-SECURITY",
                        product: {
                           name: "SUSE Linux Enterprise Server 11-SECURITY",
                           product_id: "SUSE Linux Enterprise Server 11-SECURITY",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sles:11:security",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1-devel-1.0.1g-0.47.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
            },
            product_reference: "libopenssl1-devel-1.0.1g-0.47.1.i586",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1-devel-1.0.1g-0.47.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
            },
            product_reference: "libopenssl1-devel-1.0.1g-0.47.1.ia64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1-devel-1.0.1g-0.47.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
            },
            product_reference: "libopenssl1-devel-1.0.1g-0.47.1.ppc64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1-devel-1.0.1g-0.47.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
            },
            product_reference: "libopenssl1-devel-1.0.1g-0.47.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1-devel-1.0.1g-0.47.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
            },
            product_reference: "libopenssl1-devel-1.0.1g-0.47.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-1.0.1g-0.47.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
            },
            product_reference: "libopenssl1_0_0-1.0.1g-0.47.1.i586",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-1.0.1g-0.47.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
            },
            product_reference: "libopenssl1_0_0-1.0.1g-0.47.1.ia64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-1.0.1g-0.47.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
            },
            product_reference: "libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-1.0.1g-0.47.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
            },
            product_reference: "libopenssl1_0_0-1.0.1g-0.47.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-1.0.1g-0.47.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
            },
            product_reference: "libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
            },
            product_reference: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
            },
            product_reference: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
            },
            product_reference: "libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
            },
            product_reference: "libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-1.0.1g-0.47.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
            },
            product_reference: "openssl1-1.0.1g-0.47.1.i586",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-1.0.1g-0.47.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
            },
            product_reference: "openssl1-1.0.1g-0.47.1.ia64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-1.0.1g-0.47.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
            },
            product_reference: "openssl1-1.0.1g-0.47.1.ppc64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-1.0.1g-0.47.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
            },
            product_reference: "openssl1-1.0.1g-0.47.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-1.0.1g-0.47.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
            },
            product_reference: "openssl1-1.0.1g-0.47.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-doc-1.0.1g-0.47.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
            },
            product_reference: "openssl1-doc-1.0.1g-0.47.1.i586",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-doc-1.0.1g-0.47.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
            },
            product_reference: "openssl1-doc-1.0.1g-0.47.1.ia64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-doc-1.0.1g-0.47.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
            },
            product_reference: "openssl1-doc-1.0.1g-0.47.1.ppc64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-doc-1.0.1g-0.47.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
            },
            product_reference: "openssl1-doc-1.0.1g-0.47.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl1-doc-1.0.1g-0.47.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
               product_id: "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            },
            product_reference: "openssl1-doc-1.0.1g-0.47.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 11-SECURITY",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2016-2105",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2105",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2105",
               url: "https://www.suse.com/security/cve/CVE-2016-2105",
            },
            {
               category: "external",
               summary: "SUSE Bug 977584 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/977584",
            },
            {
               category: "external",
               summary: "SUSE Bug 977614 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/977614",
            },
            {
               category: "external",
               summary: "SUSE Bug 978492 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/978492",
            },
            {
               category: "external",
               summary: "SUSE Bug 989902 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/989902",
            },
            {
               category: "external",
               summary: "SUSE Bug 990369 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/990369",
            },
            {
               category: "external",
               summary: "SUSE Bug 990370 for CVE-2016-2105",
               url: "https://bugzilla.suse.com/990370",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-05-03T16:38:12Z",
               details: "low",
            },
         ],
         title: "CVE-2016-2105",
      },
      {
         cve: "CVE-2016-2106",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2106",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2106",
               url: "https://www.suse.com/security/cve/CVE-2016-2106",
            },
            {
               category: "external",
               summary: "SUSE Bug 977584 for CVE-2016-2106",
               url: "https://bugzilla.suse.com/977584",
            },
            {
               category: "external",
               summary: "SUSE Bug 977615 for CVE-2016-2106",
               url: "https://bugzilla.suse.com/977615",
            },
            {
               category: "external",
               summary: "SUSE Bug 978492 for CVE-2016-2106",
               url: "https://bugzilla.suse.com/978492",
            },
            {
               category: "external",
               summary: "SUSE Bug 979279 for CVE-2016-2106",
               url: "https://bugzilla.suse.com/979279",
            },
            {
               category: "external",
               summary: "SUSE Bug 990369 for CVE-2016-2106",
               url: "https://bugzilla.suse.com/990369",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-05-03T16:38:12Z",
               details: "low",
            },
         ],
         title: "CVE-2016-2106",
      },
      {
         cve: "CVE-2016-2107",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2107",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2107",
               url: "https://www.suse.com/security/cve/CVE-2016-2107",
            },
            {
               category: "external",
               summary: "SUSE Bug 976942 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/976942",
            },
            {
               category: "external",
               summary: "SUSE Bug 977584 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/977584",
            },
            {
               category: "external",
               summary: "SUSE Bug 977616 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/977616",
            },
            {
               category: "external",
               summary: "SUSE Bug 978492 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/978492",
            },
            {
               category: "external",
               summary: "SUSE Bug 990369 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/990369",
            },
            {
               category: "external",
               summary: "SUSE Bug 990370 for CVE-2016-2107",
               url: "https://bugzilla.suse.com/990370",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-05-03T16:38:12Z",
               details: "important",
            },
         ],
         title: "CVE-2016-2107",
      },
      {
         cve: "CVE-2016-2108",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2108",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2108",
               url: "https://www.suse.com/security/cve/CVE-2016-2108",
            },
            {
               category: "external",
               summary: "SUSE Bug 1001502 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/1001502",
            },
            {
               category: "external",
               summary: "SUSE Bug 1004499 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/1004499",
            },
            {
               category: "external",
               summary: "SUSE Bug 1005878 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/1005878",
            },
            {
               category: "external",
               summary: "SUSE Bug 1148697 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/1148697",
            },
            {
               category: "external",
               summary: "SUSE Bug 977584 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/977584",
            },
            {
               category: "external",
               summary: "SUSE Bug 977617 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/977617",
            },
            {
               category: "external",
               summary: "SUSE Bug 978492 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/978492",
            },
            {
               category: "external",
               summary: "SUSE Bug 989345 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/989345",
            },
            {
               category: "external",
               summary: "SUSE Bug 996067 for CVE-2016-2108",
               url: "https://bugzilla.suse.com/996067",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-05-03T16:38:12Z",
               details: "important",
            },
         ],
         title: "CVE-2016-2108",
      },
      {
         cve: "CVE-2016-2109",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2109",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
               "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2109",
               url: "https://www.suse.com/security/cve/CVE-2016-2109",
            },
            {
               category: "external",
               summary: "SUSE Bug 1015243 for CVE-2016-2109",
               url: "https://bugzilla.suse.com/1015243",
            },
            {
               category: "external",
               summary: "SUSE Bug 976942 for CVE-2016-2109",
               url: "https://bugzilla.suse.com/976942",
            },
            {
               category: "external",
               summary: "SUSE Bug 977584 for CVE-2016-2109",
               url: "https://bugzilla.suse.com/977584",
            },
            {
               category: "external",
               summary: "SUSE Bug 978492 for CVE-2016-2109",
               url: "https://bugzilla.suse.com/978492",
            },
            {
               category: "external",
               summary: "SUSE Bug 990369 for CVE-2016-2109",
               url: "https://bugzilla.suse.com/990369",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1-devel-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-32bit-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:libopenssl1_0_0-x86-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-1.0.1g-0.47.1.x86_64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.i586",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ia64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.ppc64",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.s390x",
                  "SUSE Linux Enterprise Server 11-SECURITY:openssl1-doc-1.0.1g-0.47.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-05-03T16:38:12Z",
               details: "moderate",
            },
         ],
         title: "CVE-2016-2109",
      },
   ],
}

cve-2016-2106

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	https://source.android.com/security/bulletin/pixel/2017-11-01
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	http://www.securityfocus.com/bid/89744	vdb-entry
	https://www.tenable.com/security/tns-2016-18
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.739Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
               },
               {
                  name: "SSA:2016-124-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
               },
               {
                  name: "RHSA-2016:2056",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
               },
               {
                  name: "openSUSE-SU-2016:1238",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
               },
               {
                  name: "openSUSE-SU-2016:1242",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "SUSE-SU-2016:1267",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
               },
               {
                  name: "RHSA-2016:2073",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "DSA-3566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
               },
               {
                  name: "openSUSE-SU-2016:1243",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "SUSE-SU-2016:1228",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
               },
               {
                  name: "1035721",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035721",
               },
               {
                  name: "RHSA-2016:1648",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
               },
               {
                  name: "openSUSE-SU-2016:1239",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26",
               },
               {
                  name: "FEDORA-2016-1e39d934ed",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
               },
               {
                  name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "SUSE-SU-2016:1231",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  name: "FEDORA-2016-1411324654",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
               },
               {
                  name: "openSUSE-SU-2016:1240",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
               },
               {
                  name: "openSUSE-SU-2016:1241",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
               },
               {
                  name: "APPLE-SA-2016-07-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://source.android.com/security/bulletin/pixel/2017-11-01",
               },
               {
                  name: "SUSE-SU-2016:1360",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
               },
               {
                  name: "89744",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/89744",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-18",
               },
               {
                  name: "RHSA-2016:1649",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
               },
               {
                  name: "SUSE-SU-2016:1233",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2016:1237",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
               },
               {
                  name: "RHSA-2016:0996",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
               },
               {
                  name: "91787",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91787",
               },
               {
                  name: "RHSA-2016:1650",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
               },
               {
                  name: "SUSE-SU-2016:1290",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
               },
               {
                  name: "openSUSE-SU-2016:1273",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
               },
               {
                  name: "RHSA-2016:2957",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
               },
               {
                  name: "USN-2959-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2959-1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "RHSA-2016:0722",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
               },
               {
                  name: "FreeBSD-SA-16:17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160503.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT206903",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa123",
               },
               {
                  name: "FEDORA-2016-05c567df1a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
            },
            {
               name: "SSA:2016-124-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
            },
            {
               name: "RHSA-2016:2056",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
            },
            {
               name: "openSUSE-SU-2016:1238",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
            },
            {
               name: "openSUSE-SU-2016:1242",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "SUSE-SU-2016:1267",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
            },
            {
               name: "RHSA-2016:2073",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "DSA-3566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3566",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
            },
            {
               name: "openSUSE-SU-2016:1243",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "SUSE-SU-2016:1228",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
            },
            {
               name: "1035721",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1035721",
            },
            {
               name: "RHSA-2016:1648",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
            },
            {
               name: "openSUSE-SU-2016:1239",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26",
            },
            {
               name: "FEDORA-2016-1e39d934ed",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
            },
            {
               name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "SUSE-SU-2016:1231",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               name: "FEDORA-2016-1411324654",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
            },
            {
               name: "openSUSE-SU-2016:1240",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
            },
            {
               name: "openSUSE-SU-2016:1241",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
            },
            {
               name: "APPLE-SA-2016-07-18-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
            },
            {
               url: "https://source.android.com/security/bulletin/pixel/2017-11-01",
            },
            {
               name: "SUSE-SU-2016:1360",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
            },
            {
               name: "89744",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/89744",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-18",
            },
            {
               name: "RHSA-2016:1649",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
            },
            {
               name: "SUSE-SU-2016:1233",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
            },
            {
               name: "openSUSE-SU-2016:1237",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
            },
            {
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
            },
            {
               name: "RHSA-2016:0996",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
            },
            {
               name: "91787",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/91787",
            },
            {
               name: "RHSA-2016:1650",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
            },
            {
               name: "SUSE-SU-2016:1290",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
            },
            {
               name: "openSUSE-SU-2016:1273",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
            },
            {
               name: "RHSA-2016:2957",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            },
            {
               name: "USN-2959-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2959-1",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "RHSA-2016:0722",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
            },
            {
               name: "FreeBSD-SA-16:17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
            },
            {
               url: "https://www.openssl.org/news/secadv/20160503.txt",
            },
            {
               url: "https://support.apple.com/HT206903",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa123",
            },
            {
               name: "FEDORA-2016-05c567df1a",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2106",
      datePublished: "2016-05-05T00:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.739Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2108

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

References

▼	URL	Tags
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://support.citrix.com/article/CTX212736
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:0194	vendor-advisory
	http://source.android.com/security/bulletin/2016-07-01.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
	https://access.redhat.com/errata/RHSA-2017:0193	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://www.securityfocus.com/bid/89752	vdb-entry
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2016:1137	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.714Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SSA:2016-124-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
               },
               {
                  name: "RHSA-2016:2056",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
               },
               {
                  name: "openSUSE-SU-2016:1238",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
               },
               {
                  name: "openSUSE-SU-2016:1242",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:1267",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
               },
               {
                  name: "RHSA-2016:2073",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
               },
               {
                  name: "DSA-3566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  name: "openSUSE-SU-2016:1243",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "SUSE-SU-2016:1228",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
               },
               {
                  name: "1035721",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035721",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX212736",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27",
               },
               {
                  name: "openSUSE-SU-2016:1239",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345",
               },
               {
                  name: "FEDORA-2016-1e39d934ed",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
               },
               {
                  name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
               },
               {
                  name: "SUSE-SU-2016:1231",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  name: "FEDORA-2016-1411324654",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
               },
               {
                  name: "openSUSE-SU-2016:1240",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
               },
               {
                  name: "openSUSE-SU-2016:1241",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
               },
               {
                  name: "APPLE-SA-2016-07-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
               },
               {
                  name: "SUSE-SU-2016:1360",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-18",
               },
               {
                  name: "SUSE-SU-2016:1233",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
               },
               {
                  name: "RHSA-2017:0194",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0194",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://source.android.com/security/bulletin/2016-07-01.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804",
               },
               {
                  name: "RHSA-2017:0193",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0193",
               },
               {
                  name: "openSUSE-SU-2016:1237",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
               },
               {
                  name: "RHSA-2016:0996",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
               },
               {
                  name: "91787",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91787",
               },
               {
                  name: "SUSE-SU-2016:1290",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
               },
               {
                  name: "openSUSE-SU-2016:1273",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
               },
               {
                  name: "RHSA-2016:2957",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
               },
               {
                  name: "USN-2959-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2959-1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "RHSA-2016:0722",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160503.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT206903",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa123",
               },
               {
                  name: "89752",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/89752",
               },
               {
                  name: "FEDORA-2016-05c567df1a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
               },
               {
                  name: "RHSA-2016:1137",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1137",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "SSA:2016-124-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
            },
            {
               name: "RHSA-2016:2056",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
            },
            {
               name: "openSUSE-SU-2016:1238",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
            },
            {
               name: "openSUSE-SU-2016:1242",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:1267",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
            },
            {
               name: "RHSA-2016:2073",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
            },
            {
               name: "DSA-3566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3566",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               name: "openSUSE-SU-2016:1243",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "SUSE-SU-2016:1228",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
            },
            {
               name: "1035721",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1035721",
            },
            {
               url: "http://support.citrix.com/article/CTX212736",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27",
            },
            {
               name: "openSUSE-SU-2016:1239",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345",
            },
            {
               name: "FEDORA-2016-1e39d934ed",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
            },
            {
               name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
            },
            {
               name: "SUSE-SU-2016:1231",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               name: "FEDORA-2016-1411324654",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
            },
            {
               name: "openSUSE-SU-2016:1240",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
            },
            {
               name: "openSUSE-SU-2016:1241",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
            },
            {
               name: "APPLE-SA-2016-07-18-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
            },
            {
               name: "SUSE-SU-2016:1360",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-18",
            },
            {
               name: "SUSE-SU-2016:1233",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
            },
            {
               name: "RHSA-2017:0194",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0194",
            },
            {
               url: "http://source.android.com/security/bulletin/2016-07-01.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804",
            },
            {
               name: "RHSA-2017:0193",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0193",
            },
            {
               name: "openSUSE-SU-2016:1237",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
            },
            {
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
            },
            {
               name: "RHSA-2016:0996",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
            },
            {
               url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
            },
            {
               name: "91787",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/91787",
            },
            {
               name: "SUSE-SU-2016:1290",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
            },
            {
               name: "openSUSE-SU-2016:1273",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
            },
            {
               name: "RHSA-2016:2957",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            },
            {
               name: "USN-2959-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2959-1",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "RHSA-2016:0722",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
            },
            {
               url: "https://www.openssl.org/news/secadv/20160503.txt",
            },
            {
               url: "https://support.apple.com/HT206903",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa123",
            },
            {
               name: "89752",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/89752",
            },
            {
               name: "FEDORA-2016-05c567df1a",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
            },
            {
               name: "RHSA-2016:1137",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1137",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2108",
      datePublished: "2016-05-05T00:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.714Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2105

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.securityfocus.com/bid/89757	vdb-entry
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1648.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	https://source.android.com/security/bulletin/pixel/2017-11-01
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	http://rhn.redhat.com/errata/RHSA-2016-1649.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-1650.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.709Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
               },
               {
                  name: "SSA:2016-124-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
               },
               {
                  name: "RHSA-2016:2056",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
               },
               {
                  name: "openSUSE-SU-2016:1238",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
               },
               {
                  name: "openSUSE-SU-2016:1242",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "SUSE-SU-2016:1267",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
               },
               {
                  name: "RHSA-2016:2073",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
               },
               {
                  name: "89757",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/89757",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "DSA-3566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
               },
               {
                  name: "openSUSE-SU-2016:1243",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "SUSE-SU-2016:1228",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
               },
               {
                  name: "1035721",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035721",
               },
               {
                  name: "RHSA-2016:1648",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a",
               },
               {
                  name: "openSUSE-SU-2016:1239",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
               },
               {
                  name: "FEDORA-2016-1e39d934ed",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
               },
               {
                  name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "SUSE-SU-2016:1231",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  name: "FEDORA-2016-1411324654",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
               },
               {
                  name: "openSUSE-SU-2016:1240",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
               },
               {
                  name: "openSUSE-SU-2016:1566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html",
               },
               {
                  name: "openSUSE-SU-2016:1241",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
               },
               {
                  name: "APPLE-SA-2016-07-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://source.android.com/security/bulletin/pixel/2017-11-01",
               },
               {
                  name: "SUSE-SU-2016:1360",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-18",
               },
               {
                  name: "RHSA-2016:1649",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
               },
               {
                  name: "SUSE-SU-2016:1233",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2016:1237",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
               },
               {
                  name: "RHSA-2016:0996",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
               },
               {
                  name: "91787",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91787",
               },
               {
                  name: "RHSA-2016:1650",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
               },
               {
                  name: "SUSE-SU-2016:1290",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
               },
               {
                  name: "openSUSE-SU-2016:1273",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
               },
               {
                  name: "RHSA-2016:2957",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
               },
               {
                  name: "USN-2959-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2959-1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "RHSA-2016:0722",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
               },
               {
                  name: "FreeBSD-SA-16:17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160503.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT206903",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa123",
               },
               {
                  name: "FEDORA-2016-05c567df1a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
            },
            {
               name: "SSA:2016-124-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
            },
            {
               name: "RHSA-2016:2056",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
            },
            {
               name: "openSUSE-SU-2016:1238",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
            },
            {
               name: "openSUSE-SU-2016:1242",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "SUSE-SU-2016:1267",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
            },
            {
               name: "RHSA-2016:2073",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
            },
            {
               name: "89757",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/89757",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "DSA-3566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3566",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
            },
            {
               name: "openSUSE-SU-2016:1243",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "SUSE-SU-2016:1228",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
            },
            {
               name: "1035721",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1035721",
            },
            {
               name: "RHSA-2016:1648",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a",
            },
            {
               name: "openSUSE-SU-2016:1239",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
            },
            {
               name: "FEDORA-2016-1e39d934ed",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
            },
            {
               name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "SUSE-SU-2016:1231",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               name: "FEDORA-2016-1411324654",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
            },
            {
               name: "openSUSE-SU-2016:1240",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
            },
            {
               name: "openSUSE-SU-2016:1566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html",
            },
            {
               name: "openSUSE-SU-2016:1241",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
            },
            {
               name: "APPLE-SA-2016-07-18-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
            },
            {
               url: "https://source.android.com/security/bulletin/pixel/2017-11-01",
            },
            {
               name: "SUSE-SU-2016:1360",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-18",
            },
            {
               name: "RHSA-2016:1649",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
            },
            {
               name: "SUSE-SU-2016:1233",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
            },
            {
               name: "openSUSE-SU-2016:1237",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
            },
            {
               name: "RHSA-2016:0996",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
            },
            {
               name: "91787",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/91787",
            },
            {
               name: "RHSA-2016:1650",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
            },
            {
               name: "SUSE-SU-2016:1290",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
            },
            {
               name: "openSUSE-SU-2016:1273",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
            },
            {
               name: "RHSA-2016:2957",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            },
            {
               name: "USN-2959-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2959-1",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "RHSA-2016:0722",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
            },
            {
               name: "FreeBSD-SA-16:17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
            },
            {
               url: "https://www.openssl.org/news/secadv/20160503.txt",
            },
            {
               url: "https://support.apple.com/HT206903",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa123",
            },
            {
               name: "FEDORA-2016-05c567df1a",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2105",
      datePublished: "2016-05-05T00:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.709Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2107

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://support.citrix.com/article/CTX212736
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
	https://www.tenable.com/security/tns-2016-18
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://source.android.com/security/bulletin/2016-07-01.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
	https://security.netapp.com/advisory/ntap-20160504-0001/
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://www.securityfocus.com/bid/89760	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html	vendor-advisory
	https://www.exploit-db.com/exploits/39768/	exploit
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.633Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
               },
               {
                  name: "SSA:2016-124-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
               },
               {
                  name: "openSUSE-SU-2016:1238",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "RHSA-2016:2073",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
               },
               {
                  name: "DSA-3566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
               },
               {
                  name: "openSUSE-SU-2016:1243",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "SUSE-SU-2016:1228",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us",
               },
               {
                  name: "1035721",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035721",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX212736",
               },
               {
                  name: "SUSE-SU-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
               },
               {
                  name: "FEDORA-2016-1e39d934ed",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
               },
               {
                  name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  name: "FEDORA-2016-1411324654",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
               },
               {
                  name: "openSUSE-SU-2016:1240",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
               },
               {
                  name: "openSUSE-SU-2016:1566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html",
               },
               {
                  name: "APPLE-SA-2016-07-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-18",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
               },
               {
                  name: "SUSE-SU-2016:1233",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://source.android.com/security/bulletin/2016-07-01.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804",
               },
               {
                  name: "openSUSE-SU-2016:1237",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
               },
               {
                  name: "RHSA-2016:0996",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
               },
               {
                  name: "91787",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91787",
               },
               {
                  name: "89760",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/89760",
               },
               {
                  name: "RHSA-2016:2957",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
               },
               {
                  name: "USN-2959-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2959-1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html",
               },
               {
                  name: "RHSA-2016:0722",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
               },
               {
                  name: "FreeBSD-SA-16:17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160503.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT206903",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa123",
               },
               {
                  name: "FEDORA-2016-05c567df1a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
               },
               {
                  name: "39768",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/39768/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
            },
            {
               name: "SSA:2016-124-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
            },
            {
               name: "openSUSE-SU-2016:1238",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "RHSA-2016:2073",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
            },
            {
               name: "DSA-3566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3566",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
            },
            {
               name: "openSUSE-SU-2016:1243",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "SUSE-SU-2016:1228",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us",
            },
            {
               name: "1035721",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1035721",
            },
            {
               url: "http://support.citrix.com/article/CTX212736",
            },
            {
               name: "SUSE-SU-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
            },
            {
               name: "FEDORA-2016-1e39d934ed",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html",
            },
            {
               name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               name: "FEDORA-2016-1411324654",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html",
            },
            {
               name: "openSUSE-SU-2016:1240",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862",
            },
            {
               name: "openSUSE-SU-2016:1566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html",
            },
            {
               name: "APPLE-SA-2016-07-18-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
            },
            {
               url: "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-18",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
            },
            {
               name: "SUSE-SU-2016:1233",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
            },
            {
               url: "http://source.android.com/security/bulletin/2016-07-01.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804",
            },
            {
               name: "openSUSE-SU-2016:1237",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
            },
            {
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
            },
            {
               name: "RHSA-2016:0996",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
            },
            {
               name: "91787",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/91787",
            },
            {
               name: "89760",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/89760",
            },
            {
               name: "RHSA-2016:2957",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            },
            {
               name: "USN-2959-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2959-1",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               url: "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html",
            },
            {
               name: "RHSA-2016:0722",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
            },
            {
               name: "FreeBSD-SA-16:17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
            },
            {
               url: "https://www.openssl.org/news/secadv/20160503.txt",
            },
            {
               url: "https://support.apple.com/HT206903",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa123",
            },
            {
               name: "FEDORA-2016-05c567df1a",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html",
            },
            {
               name: "39768",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/39768/",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2107",
      datePublished: "2016-05-05T00:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.633Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2109

Vulnerability from cvelistv5

Published

2016-05-05 00:00

Modified

2024-08-05 23:17

Severity ?

Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2056.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2073.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
	http://www.debian.org/security/2016/dsa-3566	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
	http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10160
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	vendor-advisory
	https://source.android.com/security/bulletin/2017-07-01
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	vendor-advisory
	http://www.securitytracker.com/id/1035721	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	vendor-advisory
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	vendor-advisory
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	vendor-advisory
	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	vendor-advisory
	https://www.tenable.com/security/tns-2016-18
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
	http://rhn.redhat.com/errata/RHSA-2016-0996.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20160504-0001/
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807
	http://www.securityfocus.com/bid/91787	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-2959-1	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	http://www.securityfocus.com/bid/87940	vdb-entry
	http://rhn.redhat.com/errata/RHSA-2016-0722.html	vendor-advisory
	https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc	vendor-advisory
	https://www.openssl.org/news/secadv/20160503.txt
	https://support.apple.com/HT206903
	https://bto.bluecoat.com/security-advisory/sa123
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.542Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
               },
               {
                  name: "SSA:2016-124-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
               },
               {
                  name: "RHSA-2016:2056",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
               },
               {
                  name: "openSUSE-SU-2016:1238",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
               },
               {
                  name: "openSUSE-SU-2016:1242",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "SUSE-SU-2016:1267",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
               },
               {
                  name: "RHSA-2016:2073",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "DSA-3566",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3566",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
               },
               {
                  name: "openSUSE-SU-2016:1243",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://source.android.com/security/bulletin/2017-07-01",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "SUSE-SU-2016:1228",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
               },
               {
                  name: "1035721",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035721",
               },
               {
                  name: "openSUSE-SU-2016:1239",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
               },
               {
                  name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "SUSE-SU-2016:1231",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  name: "openSUSE-SU-2016:1240",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
               },
               {
                  name: "openSUSE-SU-2016:1241",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
               },
               {
                  name: "APPLE-SA-2016-07-18-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
               },
               {
                  name: "SUSE-SU-2016:1360",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-18",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
               },
               {
                  name: "SUSE-SU-2016:1233",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2016:1237",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
               },
               {
                  name: "RHSA-2016:0996",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807",
               },
               {
                  name: "91787",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91787",
               },
               {
                  name: "SUSE-SU-2016:1290",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
               },
               {
                  name: "openSUSE-SU-2016:1273",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
               },
               {
                  name: "RHSA-2016:2957",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
               },
               {
                  name: "USN-2959-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2959-1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "87940",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/87940",
               },
               {
                  name: "RHSA-2016:0722",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
               },
               {
                  name: "FreeBSD-SA-16:17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160503.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT206903",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa123",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
            },
            {
               name: "SSA:2016-124-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103",
            },
            {
               name: "RHSA-2016:2056",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
            },
            {
               name: "openSUSE-SU-2016:1238",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html",
            },
            {
               name: "openSUSE-SU-2016:1242",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "SUSE-SU-2016:1267",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html",
            },
            {
               name: "RHSA-2016:2073",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2073.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "DSA-3566",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3566",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               url: "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10160",
            },
            {
               name: "openSUSE-SU-2016:1243",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html",
            },
            {
               url: "https://source.android.com/security/bulletin/2017-07-01",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "SUSE-SU-2016:1228",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html",
            },
            {
               name: "1035721",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1035721",
            },
            {
               name: "openSUSE-SU-2016:1239",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html",
            },
            {
               name: "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "SUSE-SU-2016:1231",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html",
            },
            {
               url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               name: "openSUSE-SU-2016:1240",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html",
            },
            {
               name: "openSUSE-SU-2016:1241",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html",
            },
            {
               name: "APPLE-SA-2016-07-18-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html",
            },
            {
               name: "SUSE-SU-2016:1360",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-18",
            },
            {
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
            },
            {
               name: "SUSE-SU-2016:1233",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html",
            },
            {
               name: "openSUSE-SU-2016:1237",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html",
            },
            {
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202",
            },
            {
               name: "RHSA-2016:0996",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0996.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20160504-0001/",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807",
            },
            {
               name: "91787",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/91787",
            },
            {
               name: "SUSE-SU-2016:1290",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html",
            },
            {
               name: "openSUSE-SU-2016:1273",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html",
            },
            {
               name: "RHSA-2016:2957",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            },
            {
               name: "USN-2959-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-2959-1",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "87940",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/87940",
            },
            {
               name: "RHSA-2016:0722",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0722.html",
            },
            {
               name: "FreeBSD-SA-16:17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc",
            },
            {
               url: "https://www.openssl.org/news/secadv/20160503.txt",
            },
            {
               url: "https://support.apple.com/HT206903",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa123",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2109",
      datePublished: "2016-05-05T00:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.542Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2016-2106

Vulnerability from cvelistv5

cve-2016-2108

Vulnerability from cvelistv5

cve-2016-2105

Vulnerability from cvelistv5

cve-2016-2107

Vulnerability from cvelistv5

cve-2016-2109

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature