Published: 03/03/2016 Updated: 12/02/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g allows remote malicious users to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.0.1m
openssl openssl 1.0.2a
openssl openssl 1.0.1j
openssl openssl 1.0.1
openssl openssl 1.0.1h
openssl openssl 1.0.2e
openssl openssl 1.0.1r
openssl openssl 1.0.2b
openssl openssl 1.0.1c
openssl openssl 1.0.1g
openssl openssl 1.0.1a
openssl openssl 1.0.1d
openssl openssl 1.0.2c
openssl openssl 1.0.2
openssl openssl 1.0.1p
openssl openssl 1.0.1k
openssl openssl 1.0.1b
openssl openssl 1.0.1n
openssl openssl 1.0.1q
openssl openssl 1.0.1e
openssl openssl 1.0.1l
openssl openssl 1.0.1f
openssl openssl 1.0.1o
openssl openssl 1.0.2f
openssl openssl 1.0.1i
openssl openssl 1.0.2d

Several security issues were fixed in OpenSSL ...

Nessus is potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time The issues include: CVE-2016-0800 Secure Sockets Layer Version 2 (SSL ...

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

CWE-399 http://openssl.org/news/secadv/20160301.txt https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/83705 https://www.openssl.org/news/secadv/20160301.txt http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://www.ubuntu.com/usn/USN-2914-1 http://www.debian.org/security/2016/dsa-3500 https://security.gentoo.org/glsa/201603-15 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us http://www.securitytracker.com/id/1035133 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21 https://nvd.nist.gov https://usn.ubuntu.com/2914-1/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21

CVE-2016-0798

Vulnerability Summary

Vendor Advisories

ICS Advisories

Exploits

References

Vulmon Search

About

Products

Connect