CVE-2016-0798

Published: 03/03/2016 Updated: 21/11/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g allows remote malicious users to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

Vulnerable Product

openssl openssl 1.0.1

openssl openssl 1.0.1a

openssl openssl 1.0.1b

openssl openssl 1.0.1c

openssl openssl 1.0.1d

openssl openssl 1.0.1e

openssl openssl 1.0.1f

openssl openssl 1.0.1g

openssl openssl 1.0.1h

openssl openssl 1.0.1i

openssl openssl 1.0.1j

openssl openssl 1.0.1k

openssl openssl 1.0.1l

openssl openssl 1.0.1m

openssl openssl 1.0.1n

openssl openssl 1.0.1o

openssl openssl 1.0.1p

openssl openssl 1.0.1q

openssl openssl 1.0.1r

openssl openssl 1.0.2

openssl openssl 1.0.2a

openssl openssl 1.0.2b

openssl openssl 1.0.2c

openssl openssl 1.0.2d

openssl openssl 1.0.2e

openssl openssl 1.0.2f

Vendor Advisories

Several security issues were fixed in OpenSSL ...
Nessus is potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time. The issues include: CVE-2016-0800 Secure Sockets Layer Version 2 (SSL ...
Security Advisory ID: SYMSA1351 | Initial Publication Date: 7 Mar 2016 | Advisory Status: Open | Advisory Severity: High | CVSS Base Score: CVSS v2: 100 | Legacy ID: SA117 ...
Oracle Critical Patch Update Advisory - April 2016. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory ...
Oracle Solaris Third Party Bulletin - April 2016. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...

Mailing Lists

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

References

CWE-399
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.debian.org/security/2016/dsa-3500
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/83705
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.ubuntu.com/usn/USN-2914-1
https://git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://www.openssl.org/news/secadv/20160301.txt
https://www.securityfocus.com/bid/83705
https://nvd.nist.gov
https://usn.ubuntu.com/2914-1/
https://www.rapid7.com/db/vulnerabilities/aix-7.2-openssl_advisory18_cve-2016-0798