Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2182

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Published

2016-09-16T05:59:02.627

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	icewall_federation_agent	3.0	Yes
Application	hp	icewall_mcrp	3.0	Yes
Application	hp	icewall_sso	10.0	Yes
Application	hp	icewall_sso	10.0	Yes
Application	hp	icewall_sso_agent_option	10.0	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1a	Yes
Application	openssl	openssl	1.0.1b	Yes
Application	openssl	openssl	1.0.1c	Yes
Application	openssl	openssl	1.0.1d	Yes
Application	openssl	openssl	1.0.1e	Yes
Application	openssl	openssl	1.0.1f	Yes
Application	openssl	openssl	1.0.1g	Yes
Application	openssl	openssl	1.0.1h	Yes
Application	openssl	openssl	1.0.1i	Yes
Application	openssl	openssl	1.0.1j	Yes
Application	openssl	openssl	1.0.1k	Yes
Application	openssl	openssl	1.0.1l	Yes
Application	openssl	openssl	1.0.1m	Yes
Application	openssl	openssl	1.0.1n	Yes
Application	openssl	openssl	1.0.1o	Yes
Application	openssl	openssl	1.0.1p	Yes
Application	openssl	openssl	1.0.1q	Yes
Application	openssl	openssl	1.0.1r	Yes
Application	openssl	openssl	1.0.1s	Yes
Application	openssl	openssl	1.0.1t	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2a	Yes
Application	openssl	openssl	1.0.2b	Yes
Application	openssl	openssl	1.0.2c	Yes
Application	openssl	openssl	1.0.2d	Yes
Application	openssl	openssl	1.0.2e	Yes
Application	openssl	openssl	1.0.2f	Yes
Application	openssl	openssl	1.0.2g	Yes
Application	openssl	openssl	1.0.2h	Yes
Operating System	oracle	linux	5	Yes
Operating System	oracle	linux	6	Yes
Operating System	oracle	linux	7	Yes

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-1940.html ([email protected])
http://seclists.org/fulldisclosure/2017/Jul/31 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3673 ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/92557 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036688 ([email protected])
http://www.securitytracker.com/id/1037968 ([email protected])
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory ([email protected])
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3087-1 ([email protected])
http://www.ubuntu.com/usn/USN-3087-2 ([email protected])
https://access.redhat.com/errata/RHSA-2018:2185 ([email protected])
https://access.redhat.com/errata/RHSA-2018:2186 ([email protected])
https://access.redhat.com/errata/RHSA-2018:2187 ([email protected])
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34 ([email protected])
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory ([email protected])
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10171 Third Party Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc ([email protected])
https://source.android.com/security/bulletin/2017-03-01 ([email protected])
https://source.android.com/security/bulletin/2017-03-01.html ([email protected])
https://support.f5.com/csp/article/K01276005 ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 ([email protected])
https://www.tenable.com/security/tns-2016-16 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-20 ([email protected])
https://www.tenable.com/security/tns-2016-21 ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1940.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2017/Jul/31 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3673 (af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92557 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036688 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037968 (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-2 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2185 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2186 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2187 (af854a3a-2127-422b-91ae-364da2661108)
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34 (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10171 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc (af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2017-03-01 (af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2017-03-01.html (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K01276005 (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-20 (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-21 (af854a3a-2127-422b-91ae-364da2661108)