Search for vulnerabilities
Vulnerability details: VCID-9wtw-93e9-aaam
Vulnerability ID VCID-9wtw-93e9-aaam
Aliases CVE-2016-0799
VC-OPENSSL-20160301-CVE-2016-0799
Summary The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://openssl.org/news/secadv/20160301.txt
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0799.html
rhas Important https://access.redhat.com/errata/RHSA-2016:0722
rhas Important https://access.redhat.com/errata/RHSA-2016:0996
rhas Important https://access.redhat.com/errata/RHSA-2016:2073
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
epss 0.30968 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.30968 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.30968 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.32912 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.33467 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.33467 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.33467 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.35965 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.39164 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.42772 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.42772 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.42772 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.42772 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.42772 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.43537 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.43537 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.43537 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
epss 0.61791 https://api.first.org/data/v1/epss?cve=CVE-2016-0799
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1312219
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
cvssv2 2.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Low https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
generic_textual MODERATE https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2016-0799
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-0799
generic_textual Low https://ubuntu.com/security/notices/USN-2914-1
generic_textual Moderate https://www.openssl.org/news/secadv/20160301.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1 6.5 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://marc.info/?l=bugtraq&m=145983526810210&w=2
http://marc.info/?l=bugtraq&m=146108058503441&w=2
http://openssl.org/news/secadv/20160301.txt
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0799.html
http://rhn.redhat.com/errata/RHSA-2016-0722.html
http://rhn.redhat.com/errata/RHSA-2016-0996.html
http://rhn.redhat.com/errata/RHSA-2016-2073.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0799.json
https://api.first.org/data/v1/epss?cve=CVE-2016-0799
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=578b956fe741bf8e84055547b1e83c28dd902c73
https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://ubuntu.com/security/notices/USN-2914-1
https://www.openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.debian.org/security/2016/dsa-3500
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83755
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.ubuntu.com/usn/USN-2914-1
1312219 https://bugzilla.redhat.com/show_bug.cgi?id=1312219
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:client:-:*:*:*:*:android:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pulsesecure:client:-:*:*:*:*:android:*:*
cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*
cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*
CVE-2016-0799 https://nvd.nist.gov/vuln/detail/CVE-2016-0799
RHSA-2016:0722 https://access.redhat.com/errata/RHSA-2016:0722
RHSA-2016:0996 https://access.redhat.com/errata/RHSA-2016:0996
RHSA-2016:2073 https://access.redhat.com/errata/RHSA-2016:2073
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
USN-2914-1 https://usn.ubuntu.com/2914-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0799
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0799
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96964
EPSS Score 0.30968
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.