Back to search

OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 04, 2016	May 04, 2016	January 08, 2018

Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

APPLE-APPLE-SA-2016-07-18-1
BID-89752
BID-91787
CVE-2016-2108
DEBIAN-DSA-3566
DISA_SEVERITY-Category I
IAVM-2016-A-0230
REDHAT-RHSA-2016:0722
REDHAT-RHSA-2016:0996
REDHAT-RHSA-2016:1137
REDHAT-RHSA-2016:2056
REDHAT-RHSA-2016:2073
REDHAT-RHSA-2016:2957
REDHAT-RHSA-2017:0193
REDHAT-RHSA-2017:0194
URL: https://www.openssl.org/news/secadv/20160503.txt

Solution

http-openssl-1_0_1-upgrade-1_0_1_o

Related Vulnerabilities

Gentoo Linux: CVE-2015-7183: Mozilla Products: Multiple vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2016-3606): OpenJDK 6 vulnerabilities
Java CPU July 2016 Java SE, Java SE Embedded Libraries vulnerability (CVE-2016-3598)
Red Hat: CVE-2016-2108: Important: openssl security update ((Multiple Advisories))
HP-UX: CVE-2015-1793: OpenSSL Vulnerability (Alternative Chain Certificate Forgery)
Ubuntu: USN-2959-1 (CVE-2016-2105): OpenSSL vulnerabilities
Oracle Linux: (CVE-2016-3587) ELSA-2016-1458: java-1.8.0-openjdk security update
Red Hat: CVE-2016-3521: Important: mariadb security update (RHSA-2016:1602)
CentOS: (CVE-2016-3521) CESA-2016:1602: mariadb
SUSE: CVE-2016-1978: SUSE Linux Security Advisory
OS X update for Admin Framework (CVE-2015-4000)
Amazon Linux AMI: CVE-2016-5440: Security patch for mysql55 ((Multiple Advisories))
MFSA2015-70 SeaMonkey: NSS accepts export-length DHE keys with regular DHE cipher suites (CVE-2015-4000)
Ubuntu: USN-2883-1 (CVE-2016-0701): OpenSSL vulnerability
OS X update for apache (CVE-2015-1790)
F5 Networks: K16864 (CVE-2015-2808): SSL/TLS RC4 vulnerability CVE-2015-2808
Palo Alto Networks (Multiple Advisories) (CVE-2015-1792): OpenSSL Vulnerabilities
Gentoo Linux: CVE-2015-3237: cURL: Multiple vulnerabilities
SUSE: CVE-2015-5600: SUSE Linux Security Advisory
Gentoo Linux: CVE-2016-1978: Mozilla Products: Multiple vulnerabilities
HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1791): Linux and Windows, Multiple Vulnerabilities
CentOS: (CVE-2016-0800) (Multiple Advisories): openssl098e
SUSE: CVE-2016-3458: SUSE Linux Security Advisory
Debian: CVE-2016-3521: mariadb-10.0 -- security update
RHSA-2016:0996: openssl security update
F5 Networks: K25075696 (CVE-2016-3500): Oracle Java vulnerability CVE-2016-3500
Alpine Linux: CVE-2016-2106: openssl Multiple vulnerabilities
Java CPU July 2016 Java SE, Java SE Embedded Hotspot vulnerability (CVE-2016-3550)
SUSE: CVE-2016-3501: SUSE Linux Security Advisory
Oracle Solaris 11: CVE-2015-3236: Vulnerability in libcurl
Amazon Linux AMI: CVE-2016-3459: Security patch for mysql56 (ALAS-2016-737)
F5 Networks: K31026324 (CVE-2015-8104): Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
IBM AIX: java_april2015_advisory, rc4_advisory (CVE-2015-2808): Vulnerability in IBM Java SDK affects AIX
Debian: CVE-2016-0797: openssl -- security update
Oracle Solaris 11: CVE-2015-1788: Vulnerability in OpenSSL
Debian: CVE-2015-7182: nss -- security update
Huawei EulerOS: CVE-2016-4052: squid security update
Huawei EulerOS: CVE-2016-3521: mariadb security update
CentOS: (CVE-2016-3606) (Multiple Advisories): java-1.6.0-openjdk
FreeBSD: FreeBSD -- Multiple OpenSSL vulnerabilities (FreeBSD-SA-16:12.openssl) (Multiple CVEs)
Amazon Linux AMI: CVE-2016-0797: Security patch for openssl (ALAS-2016-661)
Huawei EulerOS: CVE-2016-3610: java-1.7.0-openjdk security update
MFSA2015-133 Firefox: NSS and NSPR memory corruption issues (CVE-2015-7182)
Gentoo Linux: CVE-2015-0204: OpenSSL: Multiple vulnerabilities
FreeBSD: node -- multiple vulnerabilities (Multiple CVEs)
Apache HTTPD: mod_lua: Crash in websockets PING handling (CVE-2015-0228)
Oracle Linux: (CVE-2016-2109) (Multiple Advisories): openssl security update
Debian: DSA-3566 (CVE-2016-2176): openssl -- security update
Oracle Solaris 11: CVE-2016-5444: Vulnerability in MySQL
Ubuntu: USN-3040-1 (CVE-2016-5437): MySQL vulnerabilities
Amazon Linux AMI: CVE-2016-4051: Security patch for squid ((Multiple Advisories))
Amazon Linux AMI: CVE-2016-4052: Security patch for squid (ALAS-2016-713)
FreeBSD: openssl -- multiple vulnerabilities (FreeBSD-SA-15:26.openssl) (Multiple CVEs)
FreeBSD: apache22 -- chunk header parsing defect (CVE-2015-3183)
Ubuntu: USN-2830-1 (CVE-2015-3193): OpenSSL vulnerabilities
Ubuntu: USN-2959-1 (CVE-2016-2106): OpenSSL vulnerabilities
HP-UX: CVE-2015-1790: OpenSSL Vulnerability (PKCS7 crash with missing EnvelopedContent)
Amazon Linux AMI: CVE-2016-3458: Security patch for java-1.6.0-openjdk ((Multiple Advisories))
Oracle Linux: (CVE-2016-3550) (Multiple Advisories): java-1.6.0-openjdk security update
Ubuntu: (Multiple Advisories) (CVE-2015-7181): Thunderbird vulnerabilities
Gentoo Linux: CVE-2016-0799: OpenSSL: Multiple vulnerabilities
SUSE: CVE-2016-3511: SUSE Linux Security Advisory
Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products (CVE-2016-0701)
Oracle Solaris 11: CVE-2015-7183: Vulnerability in Firefox, Thunderbird
SUSE: CVE-2015-0228: SUSE Linux Security Advisory
SUSE: CVE-2015-7182: SUSE Linux Security Advisory
Cisco ASA: CVE-2015-3194: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products December 2015 (cisco-sa-20151204-openssl)
HP-UX: CVE-2015-1791: OpenSSL Vulnerability (Race condition handling NewSessionTicket)
IBM AIX: openssl_advisory20 (CVE-2016-2108): Vulnerabilities in OpenSSL affects AIX
Gentoo Linux: CVE-2016-3598: Oracle JRE/JDK: Multiple vulnerabilities
Oracle Solaris 11: CVE-2016-5469: Vulnerability in Kernel
Apache Struts: CVE-2016-1182: XSS and denial of service
F5 Networks: K16915 (CVE-2015-1792): OpenSSL vulnerability CVE-2015-1792
SUSE: CVE-2016-0799: SUSE Linux Security Advisory
Huawei EulerOS: CVE-2016-3452: mariadb security update
Oracle Linux: (CVE-2016-3615) ELSA-2016-1602: mariadb security update
Juniper Junos OS: 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (JSA10681) (CVE-2015-4000)
Red Hat: CVE-2016-2105: Important: openssl security update ((Multiple Advisories))
F5 Networks: K16124 (CVE-2015-0206): OpenSSL vulnerability CVE-2015-0206
Red Hat: CVE-2016-5440: Important: mariadb security update (RHSA-2016:1602)
CentOS: (CVE-2016-4053) (Multiple Advisories): squid34
Alpine Linux: CVE-2016-2105: openssl Multiple vulnerabilities
OpenSSL PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
MFSA2015-150 Thunderbird: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (CVE-2015-7575)
HP Systems Insight Manager - HPSBMU03394 (CVE-2015-1789): Linux and Windows, Multiple Vulnerabilities
Red Hat: CVE-2016-2106: Important: openssl security update ((Multiple Advisories))
Oracle MySQL Vulnerability: CVE-2016-3614
Juniper Junos OS: 2018-04 Security Bulletin: OpenSSL Security Advisory [07 Dec 2017] (JSA10851) (multiple CVEs)
Amazon Linux AMI: CVE-2016-3452: Security patch for mysql55 (ALAS-2016-738)
Sun Patch: SunOS 5.10: OpenSSL 0.9.7 patch
OS X update for OpenSSL (CVE-2015-1791)
Gentoo Linux: CVE-2016-2108: OpenSSL: Multiple vulnerabilities
Oracle Solaris 11: CVE-2016-5437: Vulnerability in MySQL
Debian: CVE-2016-0798: openssl -- security update
Oracle Linux: (CVE-2016-4052) (Multiple Advisories): squid security, bug fix, and enhancement update
IBM WebSphere Application Server: CVE-2015-7575: IBM Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
CentOS: (CVE-2015-7575) (Multiple Advisories): java-1.7.0-openjdk
Gentoo Linux: CVE-2016-3511: Oracle JRE/JDK: Multiple vulnerabilities
HP-UX: CVE-2015-0204: Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
Oracle Solaris 11: CVE-2015-4000: Vulnerability in LFTP, OpenSSL, Thunderbird

Vulnerability & Exploit Database

OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: