Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6306

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Published

2016-09-26T19:59:02.910

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1	Yes
Application	openssl	openssl	1.0.1a	Yes
Application	openssl	openssl	1.0.1b	Yes
Application	openssl	openssl	1.0.1c	Yes
Application	openssl	openssl	1.0.1d	Yes
Application	openssl	openssl	1.0.1e	Yes
Application	openssl	openssl	1.0.1f	Yes
Application	openssl	openssl	1.0.1g	Yes
Application	openssl	openssl	1.0.1h	Yes
Application	openssl	openssl	1.0.1i	Yes
Application	openssl	openssl	1.0.1j	Yes
Application	openssl	openssl	1.0.1k	Yes
Application	openssl	openssl	1.0.1l	Yes
Application	openssl	openssl	1.0.1m	Yes
Application	openssl	openssl	1.0.1n	Yes
Application	openssl	openssl	1.0.1o	Yes
Application	openssl	openssl	1.0.1p	Yes
Application	openssl	openssl	1.0.1q	Yes
Application	openssl	openssl	1.0.1r	Yes
Application	openssl	openssl	1.0.1s	Yes
Application	openssl	openssl	1.0.1t	Yes
Application	hp	icewall_federation_agent	3.0	Yes
Application	hp	icewall_mcrp	3.0	Yes
Application	hp	icewall_sso	10.0	Yes
Application	hp	icewall_sso	10.0	Yes
Application	hp	icewall_sso_agent_option	10.0	Yes
Operating System	novell	suse_linux_enterprise_module_for_web_scripting	12.0	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2	Yes
Application	openssl	openssl	1.0.2a	Yes
Application	openssl	openssl	1.0.2b	Yes
Application	openssl	openssl	1.0.2c	Yes
Application	openssl	openssl	1.0.2d	Yes
Application	openssl	openssl	1.0.2e	Yes
Application	openssl	openssl	1.0.2f	Yes
Application	openssl	openssl	1.0.2h	Yes
Application	nodejs	node.js	< 0.10.47	Yes
Application	nodejs	node.js	< 0.12.16	Yes
Application	nodejs	node.js	≤ 4.1.2	Yes
Application	nodejs	node.js	< 4.6.0	Yes
Application	nodejs	node.js	≤ 5.12.0	Yes
Application	nodejs	node.js	< 6.7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-1940.html Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List, Third Party Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3673 Third Party Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/93153 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036885 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-3087-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3087-2 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2185 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2186 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2187 Third Party Advisory ([email protected])
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf ([email protected])
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 ([email protected])
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 Third Party Advisory ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory ([email protected])
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory ([email protected])
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Vendor Advisory ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201612-16 Third Party Advisory ([email protected])
https://support.f5.com/csp/article/K90492697 Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Third Party Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory ([email protected])
https://www.openssl.org/news/secadv/20160922.txt Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-16 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-20 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-21 Third Party Advisory ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1940.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3673 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/93153 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036885 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3087-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2185 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2186 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2187 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201612-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K90492697 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssl.org/news/secadv/20160922.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-20 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-21 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)