Search for vulnerabilities
Vulnerability details: VCID-kryh-pfgh-aaag
Vulnerability ID VCID-kryh-pfgh-aaag
Aliases CVE-2016-2177
VC-OPENSSL-20160601-CVE-2016-2177
Summary OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2177.html
rhas Important https://access.redhat.com/errata/RHSA-2016:1940
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
rhas Important https://access.redhat.com/errata/RHSA-2017:1659
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2177.json
epss 0.08317 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.08317 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.08317 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.08317 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.12756 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.12756 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.12756 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.12756 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.12756 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.15220 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33808 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33808 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33808 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33808 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.33808 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.34306 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
epss 0.5853 https://api.first.org/data/v1/epss?cve=CVE-2016-2177
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
cvssv2 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-2177
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-2177
archlinux High https://security.archlinux.org/AVG-29
archlinux High https://security.archlinux.org/AVG-30
generic_textual Medium https://ubuntu.com/security/notices/USN-3087-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3181-1
generic_textual Low https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
generic_textual Low https://www.openssl.org/news/secadv/20160922.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
cvssv3.1 8.1 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1 5.3 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2177.html
http://rhn.redhat.com/errata/RHSA-2016-1940.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
https://access.redhat.com/errata/RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:1658
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2177.json
https://api.first.org/data/v1/epss?cve=CVE-2016-2177
https://bto.bluecoat.com/security-advisory/sa132
https://bugzilla.redhat.com/show_bug.cgi?id=1341705
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
http://seclists.org/fulldisclosure/2017/Jul/31
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7
https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://kc.mcafee.com/corporate/index?page=content&id=SB10165
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
https://security.gentoo.org/glsa/201612-16
https://support.f5.com/csp/article/K23873366
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://ubuntu.com/security/notices/USN-3087-1
https://ubuntu.com/security/notices/USN-3181-1
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
https://www.openssl.org/news/secadv/20160922.txt
https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.debian.org/security/2016/dsa-3673
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
http://www.openwall.com/lists/oss-security/2016/06/08/9
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.securityfocus.com/archive/1/540957/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded
http://www.securityfocus.com/bid/91319
http://www.securitytracker.com/id/1036088
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
http://www.ubuntu.com/usn/USN-3087-1
http://www.ubuntu.com/usn/USN-3087-2
http://www.ubuntu.com/usn/USN-3181-1
ASA-201609-23 https://security.archlinux.org/ASA-201609-23
ASA-201609-24 https://security.archlinux.org/ASA-201609-24
AVG-29 https://security.archlinux.org/AVG-29
AVG-30 https://security.archlinux.org/AVG-30
cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*
cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*
cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*
cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
CVE-2016-2177 https://nvd.nist.gov/vuln/detail/CVE-2016-2177
RHSA-2016:1940 https://access.redhat.com/errata/RHSA-2016:1940
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
RHSA-2017:1659 https://access.redhat.com/errata/RHSA-2017:1659
USN-3087-1 https://usn.ubuntu.com/3087-1/
USN-3181-1 https://usn.ubuntu.com/3181-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2177.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2177
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2177
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94379
EPSS Score 0.08317
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.