Vulnerability-Lookup

BDU:2019-01911

Vulnerability from fstec - Published: 29.08.2016

Title

Уязвимость в файле t1_lib.c библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании

Description

Уязвимость в файле t1_lib.c библиотеки OpenSSL связана с ошибками управления ресурсом. Эксплуатация уязвимостей может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании с использованием больших расширений OCSP Status Request

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Oracle Corp., OpenSSL Software Foundation, Node.js Foundation, Novell Inc.

Software Name

E-Business Suite, OpenSSL, Node.js, Communications EAGLE LNP Application Processor, Enterprise Session Border Controller, MySQL, VM VirtualBox, Communications Unified Session Manager, SPARC Enterprise M3000, SPARC Enterprise M4000, SPARC Enterprise M5000, SPARC Enterprise M8000, SPARC Enterprise M9000, SUSE Linux Enterprise Module for Web Scripting, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S

Software Version

12.1.3 (E-Business Suite), от 1.0.1 до 1.0.1u (OpenSSL), от 1.0.2 до 1.0.2i (OpenSSL), от 1.1.0 до 1.1.0a (OpenSSL), до 6.6.0 включительно (Node.js), до 10.1.0.0.0 включительно (Communications EAGLE LNP Application Processor), ECZ7.3.0 (Enterprise Session Border Controller), до 5.6.33 включительно (MySQL), до 5.7.15 включительно (MySQL), до 5.0.28 (VM VirtualBox), до 5.1.8 (VM VirtualBox), SCz 7.x (Communications Unified Session Manager), до XCP1123 (SPARC Enterprise M3000), до XCP1123 (SPARC Enterprise M4000), до XCP1123 (SPARC Enterprise M5000), до XCP1123 (SPARC Enterprise M8000), до XCP1123 (SPARC Enterprise M9000), 12 (SUSE Linux Enterprise Module for Web Scripting), до XCP2340 (Fujitsu M10-1), до XCP3030 (Fujitsu M10-1), до XCP2340 (Fujitsu M10-4), до XCP3030 (Fujitsu M10-4), до XCP2340 (Fujitsu M10-4S), до XCP3030 (Fujitsu M10-4S), до XCP2340 (Fujitsu M12-1), до XCP3030 (Fujitsu M12-1), до XCP2340 (Fujitsu M12-2), до XCP3030 (Fujitsu M12-2), до XCP2340 (Fujitsu M12-2S), до XCP3030 (Fujitsu M12-2S)

Possible Mitigations

Использование рекомендаций: https://www.openssl.org/news/secadv/20160922.txt

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html http://rhn.redhat.com/errata/RHSA-2016-1940.html http://rhn.redhat.com/errata/RHSA-2016-2802.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.securityfocus.com/bid/93150 https://bto.bluecoat.com/security-advisory/sa132 https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137 https://kc.mcafee.com/corporate/index?page=content&id=SB10171 https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc https://security.gentoo.org/glsa/201612-16 https://www.openssl.org/news/secadv/20160922.txt

CWE

CWE-399

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., OpenSSL Software Foundation, Node.js Foundation, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12.1.3 (E-Business Suite), \u043e\u0442 1.0.1 \u0434\u043e 1.0.1u (OpenSSL), \u043e\u0442 1.0.2 \u0434\u043e 1.0.2i (OpenSSL), \u043e\u0442 1.1.0 \u0434\u043e 1.1.0a (OpenSSL), \u0434\u043e 6.6.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Node.js), \u0434\u043e 10.1.0.0.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Communications EAGLE LNP Application Processor), ECZ7.3.0 (Enterprise Session Border Controller), \u0434\u043e 5.6.33 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL), \u0434\u043e 5.7.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL), \u0434\u043e 5.0.28 (VM VirtualBox), \u0434\u043e 5.1.8 (VM VirtualBox), SCz 7.x (Communications Unified Session Manager), \u0434\u043e XCP1123 (SPARC Enterprise M3000), \u0434\u043e XCP1123 (SPARC Enterprise M4000), \u0434\u043e XCP1123 (SPARC Enterprise M5000), \u0434\u043e XCP1123 (SPARC Enterprise M8000), \u0434\u043e XCP1123 (SPARC Enterprise M9000), 12 (SUSE Linux Enterprise Module for Web Scripting), \u0434\u043e XCP2340 (Fujitsu M10-1), \u0434\u043e XCP3030 (Fujitsu M10-1), \u0434\u043e XCP2340 (Fujitsu M10-4), \u0434\u043e XCP3030 (Fujitsu M10-4), \u0434\u043e XCP2340 (Fujitsu M10-4S), \u0434\u043e XCP3030 (Fujitsu M10-4S), \u0434\u043e XCP2340 (Fujitsu M12-1), \u0434\u043e XCP3030 (Fujitsu M12-1), \u0434\u043e XCP2340 (Fujitsu M12-2), \u0434\u043e XCP3030 (Fujitsu M12-2), \u0434\u043e XCP2340 (Fujitsu M12-2S), \u0434\u043e XCP3030 (Fujitsu M12-2S)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.openssl.org/news/secadv/20160922.txt",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.08.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.05.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01911",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-6304",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "E-Business Suite, OpenSSL, Node.js, Communications EAGLE LNP Application Processor, Enterprise Session Border Controller, MySQL, VM VirtualBox, Communications Unified Session Manager, SPARC Enterprise M3000, SPARC Enterprise M4000, SPARC Enterprise M5000, SPARC Enterprise M8000, SPARC Enterprise M9000, SUSE Linux Enterprise Module for Web Scripting, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0430\u0439\u043b\u0435 t1_lib.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0430\u0439\u043b\u0435 t1_lib.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 OCSP Status Request",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759 \nhttp://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html \nhttp://rhn.redhat.com/errata/RHSA-2016-1940.html \nhttp://rhn.redhat.com/errata/RHSA-2016-2802.html \nhttp://rhn.redhat.com/errata/RHSA-2017-1415.html \nhttp://rhn.redhat.com/errata/RHSA-2017-1659.html \nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html \nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html \nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html \nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html \nhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html \nhttp://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html \nhttp://www.securityfocus.com/bid/93150 \nhttps://bto.bluecoat.com/security-advisory/sa132 \nhttps://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137 \nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171 \nhttps://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ \nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc \nhttps://security.gentoo.org/glsa/201612-16 \nhttps://www.openssl.org/news/secadv/20160922.txt",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0423\u0411\u0414, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-399",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2016-6304 (GCVE-0-2016-6304)

Vulnerability from cvelistv5 – Published: 2016-09-26 00:00 – Updated: 2024-08-06 01:29

Summary

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-adviso…
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.securityfocus.com/bid/93150	vdb-entry
	http://www.oracle.com/technetwork/topics/security…
	http://rhn.redhat.com/errata/RHSA-2016-2802.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Securit…
	http://www.securitytracker.com/id/1036878	vdb-entry
	http://www.splunk.com/view/SP-CAAAPSV
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=swg…
	http://www.oracle.com/technetwork/security-adviso…
	https://nodejs.org/en/blog/vulnerability/septembe…
	https://www.tenable.com/security/tns-2016-16
	https://access.redhat.com/errata/RHSA-2017:2494	vendor-advisory
	http://www.securitytracker.com/id/1037640	vdb-entry
	https://www.tenable.com/security/tns-2016-21
	https://kc.mcafee.com/corporate/index?page=conten…
	http://www.oracle.com/technetwork/security-adviso…
	https://git.openssl.org/?p=openssl.git%3Ba=commit…
	http://www.oracle.com/technetwork/security-adviso…
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory
	http://www.oracle.com/technetwork/topics/security…
	https://bto.bluecoat.com/security-advisory/sa132
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory
	http://www.oracle.com/technetwork/security-adviso…
	https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=conte…
	https://access.redhat.com/errata/RHSA-2017:2493	vendor-advisory
	https://kc.mcafee.com/corporate/index?page=conten…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Oct/62	mailing-list
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Dec/47	mailing-list
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://packetstormsecurity.com/files/139091/OpenS…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisorie…
	https://www.arista.com/en/support/advisories-noti…
	https://cert-portal.siemens.com/productcert/pdf/s…

Date Public ?

2016-09-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:18.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160922.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2016:1940",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
          },
          {
            "name": "93150",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93150"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:2802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "name": "1036878",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036878"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "1037640",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037640"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa132"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "FreeBSD-SA-16:26",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2016:2788",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "openSUSE-SU-2016:2769",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20160922.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2016:1940",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
        },
        {
          "name": "93150",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/93150"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:2802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "name": "1036878",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036878"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "1037640",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1037640"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa132"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "FreeBSD-SA-16:26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Oct/62"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Dec/47"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2016:2788",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "openSUSE-SU-2016:2769",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-6304",
    "datePublished": "2016-09-26T00:00:00.000Z",
    "dateReserved": "2016-07-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:29:18.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01911

CVE-2016-6304 (GCVE-0-2016-6304)

Tags

Sightings

Nomenclature