Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2016-2176

Published: 05/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL prior to 1.0.1t and 1.0.2 prior to 1.0.2h allows remote malicious users to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.2a

openssl openssl 1.0.2e

openssl openssl 1.0.2b

openssl openssl 1.0.2g

openssl openssl 1.0.2c

openssl openssl 1.0.2

openssl openssl

openssl openssl 1.0.2f

openssl openssl 1.0.2d

Vendor Advisories

Red Hat: CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_objc in OpenSSL before 101t and 102 before 102h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN1 data ...
Tenable Security Advisories: [R5] OpenSSL '20160503' Advisory Affects Tenable Products
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time The issues include: CVE-2016-2107 - OpenSSL AES-N ...
Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...
Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities
Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality Two of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to PVS OpenSSL ASN1 Encoder Negative Zero Value ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Exploits

Exploit DB: Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Recent Articles

Yay! It's International Patch Your Scary OpenSSL Bugs Day!
The Register • Iain Thomson in San Francisco • 03 May 2016

Two innocent programming blunders breed high-risk flaw

Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2. Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible. CVE-2016-2108 is a curious beast; a hybrid of two low-risk bugs that can be fused into a serious problem. The first is a seemingly innocuous issue with the ASN.1 parser whereby if a zero is re...

Read more...

References

CWE-119https://www.openssl.org/news/secadv/20160503.txthttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202https://kc.mcafee.com/corporate/index?page=content&id=SB10160http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlhttps://support.apple.com/HT206903http://www.securityfocus.com/bid/91787http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/89746http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103http://www.securitytracker.com/id/1035721http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslhttps://bto.bluecoat.com/security-advisory/sa123http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.htmlhttps://security.gentoo.org/glsa/201612-16https://www.tenable.com/security/tns-2016-18https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_ushttps://security.netapp.com/advisory/ntap-20160504-0001/http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561https://nvd.nist.govhttps://www.theregister.co.uk/2016/05/03/openssl_patches/https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21https://www.tenable.com/security/tns-2016-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook