CVE-2016-2108

Published: 05/05/2016 Updated: 05/01/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 892
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The ASN.1 implementation in OpenSSL prior to 1.0.1o and 1.0.2 prior to 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Affected Products

Vendor | Product | Versions
Openssl | Openssl | 1.0.1n, 1.0.2, 1.0.2a, 1.0.2b
Google | Android | 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.4, 4.4.1, 4.4.2, 4.4.3, 5.0, 5.0.1, 5.1, 5.1.0, 6.0, 6.0.1
Redhat | Enterprise Linux Desktop | 6.0, 7.0
Redhat | Enterprise Linux Hpc Node | 6.0, 7.0
Redhat | Enterprise Linux Hpc Node Eus | 7.2
Redhat | Enterprise Linux Server | 6.0, 7.0
Redhat | Enterprise Linux Server Aus | 7.2
Redhat | Enterprise Linux Server Eus | 7.2
Redhat | Enterprise Linux Workstation | 6.0, 7.0

Vendor Advisories

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Release on RHEL 7. Type/Severity: Security Advisory: Important. Topic: An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2423 Release on RHEL 6. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2423 and fix several bugs, and add various enhancements are now available for Red Hat En ...
Synopsis: Important: openssl security update. Type/Severity: Security Advisory: Important. Topic: An update for openssl is now available for Red Hat Enterprise Linux 67 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library ...
Several security issues were fixed in OpenSSL ...
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106: Guido Vranken discov ...
A number of security issues have been identified within Citrix XenServer 72 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated as a medium severity vulnerability; the following issues have been remediated: ...
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI (CVE-2016-2107, Important). It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deseriali ...
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration) or an attacker on the management network to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citr ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP 2423 Release. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this release as ...
Security Advisory ID: SYMSA1363 | Initial Publication Date: 9 May 2016 | Advisory Status: Open | Advisory Severity: High | CVSS Base Score: CVSS v2: 100 | Legacy ID: SA123 ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to PVS. OpenSSL ASN.1 Encoder Negative Zero Value ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are notified of all issues at least a month before public ...
Oracle Critical Patch Update Advisory - July 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware images have also been released to the Google Developer site. Security patch levels of July 05, 2016 or later addres ...
Oracle Critical Patch Update Advisory - July 2016. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...

Github Repositories

This is a small project to keep track of most Moderate-to-Severe SSL/TLS vulnerabilities and count the number of days between publications. Updating (easy): If we've missed a vulnerability (we're human too ;P), please feel free to submit a new issue on this repo. Updating (harder): To do this, you will need a clone of this repo, so clone it now before we start. Once clo

Vuls simulator for Deep Security: Simulate Deep Security's coverage for high urgency vulnerability reported by Vuls. (This tool refers to Amazon Inspector with DeepSecurity and DeepSecurity SDK.) Description: vulssimulator_ds is a CLI tool that simulates Deep Security's coverage for the vulnerability reported by Vuls. It can help you to see the toughness of Deep Sec

satellite-host-cve: A script to list CVEs that are either installable or applicable for a host (or all hosts) within one organization. Although Satellite6 gives a nice way to handle errata, there are customers who need to have a view based on CVEs and not on security errata. What does code do: It lists all CVEs for a host, mapped across its lifecycle path

SMR-MAY-2018: Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung. Google patches include patches up to Android Security Bulletin - May 2018 package; and Android security patch level (SPL) of May 1, 2018 includes all of these patches. T

Recent Articles

Android Security Bulletin Features Two Patch Levels
Threatpost • Michael Mimoso • 06 Jul 2016

The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware.
The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle for Android users who must rely on carriers and handset makers to integrate and distribute Google updates.
The latest Android Security Bulletin, released today, pro...

Yay! It's International Patch Your Scary OpenSSL Bugs Day!
The Register • Iain Thomson in San Francisco • 03 May 2016

Two innocent programming blunders breed high-risk flaw

Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2.
Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible.
CVE-2016-2108 is a curious beast; a hybrid of two low-risk bugs that can be fused into a serious problem. The first is a seemingly innocuous issue with the ASN.1 parser whereby if ...

References

CWE-119
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
http://rhn.redhat.com/errata/RHSA-2016-0722.html
http://rhn.redhat.com/errata/RHSA-2016-0996.html
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://rhn.redhat.com/errata/RHSA-2016-2073.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://source.android.com/security/bulletin/2016-07-01.html
http://support.citrix.com/article/CTX212736
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
http://www.debian.org/security/2016/dsa-3566
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/89752
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035721
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
http://www.ubuntu.com/usn/USN-2959-1
https://access.redhat.com/errata/RHSA-2016:1137
https://access.redhat.com/errata/RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0194
https://bto.bluecoat.com/security-advisory/sa123
https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871
https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
https://security.gentoo.org/glsa/201612-16
https://security.netapp.com/advisory/ntap-20160504-0001/
https://support.apple.com/HT206903
https://www.openssl.org/news/secadv/20160503.txt
https://www.tenable.com/security/tns-2016-18
https://www.securityfocus.com/bid/89752
https://nvd.nist.gov
https://usn.ubuntu.com/2959-1/
https://www.rapid7.com/db/vulnerabilities/aix-7.2-openssl_advisory20_cve-2016-2108