Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0705

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Published

2016-03-03T20:59:00.953

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	mysql	≤ 5.6.29	Yes
Application	oracle	mysql	≤ 5.7.11	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1a	Yes
Application	openssl	openssl	1.0.1b	Yes
Application	openssl	openssl	1.0.1c	Yes
Application	openssl	openssl	1.0.1d	Yes
Application	openssl	openssl	1.0.1e	Yes
Application	openssl	openssl	1.0.1f	Yes
Application	openssl	openssl	1.0.1g	Yes
Application	openssl	openssl	1.0.1h	Yes
Application	openssl	openssl	1.0.1i	Yes
Application	openssl	openssl	1.0.1j	Yes
Application	openssl	openssl	1.0.1k	Yes
Application	openssl	openssl	1.0.1l	Yes
Application	openssl	openssl	1.0.1m	Yes
Application	openssl	openssl	1.0.1n	Yes
Application	openssl	openssl	1.0.1o	Yes
Application	openssl	openssl	1.0.1p	Yes
Application	openssl	openssl	1.0.1q	Yes
Application	openssl	openssl	1.0.1r	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2a	Yes
Application	openssl	openssl	1.0.2b	Yes
Application	openssl	openssl	1.0.2c	Yes
Application	openssl	openssl	1.0.2d	Yes
Application	openssl	openssl	1.0.2e	Yes
Application	openssl	openssl	1.0.2f	Yes
Operating System	google	android	4.0	Yes
Operating System	google	android	4.0.1	Yes
Operating System	google	android	4.0.2	Yes
Operating System	google	android	4.0.3	Yes
Operating System	google	android	4.0.4	Yes
Operating System	google	android	4.1	Yes
Operating System	google	android	4.1.2	Yes
Operating System	google	android	4.2	Yes
Operating System	google	android	4.2.1	Yes
Operating System	google	android	4.2.2	Yes
Operating System	google	android	4.3	Yes
Operating System	google	android	4.3.1	Yes
Operating System	google	android	4.4	Yes
Operating System	google	android	4.4.1	Yes
Operating System	google	android	4.4.2	Yes
Operating System	google	android	4.4.3	Yes
Operating System	google	android	5.0	Yes
Operating System	google	android	5.0.1	Yes
Operating System	google	android	5.1	Yes
Operating System	google	android	5.1.0	Yes
Operating System	google	android	6.0	Yes
Operating System	google	android	6.0.1	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	15.10	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=145889460330120&w=2 Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=145983526810210&w=2 Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=146108058503441&w=2 Mailing List, Third Party Advisory ([email protected])
http://openssl.org/news/secadv/20160301.txt Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory ([email protected])
http://source.android.com/security/bulletin/2016-05-01.html Third Party Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl Third Party Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3500 Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch, Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch, Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/83754 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1035133 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-2914-1 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2568 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2575 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2713 Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88 ([email protected])
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 Third Party Advisory ([email protected])
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168 Third Party Advisory ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/201603-15 Third Party Advisory ([email protected])
https://www.openssl.org/news/secadv/20160301.txt Vendor Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=145889460330120&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=145983526810210&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=146108058503441&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openssl.org/news/secadv/20160301.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://source.android.com/security/bulletin/2016-05-01.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3500 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/83754 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91787 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035133 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2914-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2568 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2575 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2713 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6c88c71b4e4825c7bc0489306d062d017634eb88 (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201603-15 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssl.org/news/secadv/20160301.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)