Search for vulnerabilities
Vulnerability details: VCID-uh6s-bvxe-aaaf
Vulnerability ID VCID-uh6s-bvxe-aaaf
Aliases CVE-2016-0797
VC-OPENSSL-20160301-CVE-2016-0797
Summary In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. All OpenSSL internal usage of these functions use data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual Medium http://openssl.org/news/secadv/20160301.txt
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0797.html
rhas Important https://access.redhat.com/errata/RHSA-2016:0301
rhas Important https://access.redhat.com/errata/RHSA-2016:0302
rhas Important https://access.redhat.com/errata/RHSA-2016:0379
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.06932 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.07935 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.11455 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.11455 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.11455 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.11455 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.11455 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.16467 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.16921 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.16921 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.16921 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.18565 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.18565 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
epss 0.30737 https://api.first.org/data/v1/epss?cve=CVE-2016-0797
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1311880
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cvssv3.1 5.3 https://kc.mcafee.com/corporate/index?page=content&id=SB10156
generic_textual MODERATE https://kc.mcafee.com/corporate/index?page=content&id=SB10156
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-0797
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0797
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0797
generic_textual Low https://ubuntu.com/security/notices/USN-2914-1
generic_textual Moderate https://www.openssl.org/news/secadv/20160301.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1 6.5 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
generic_textual Low http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
http://marc.info/?l=bugtraq&m=145889460330120&w=2
http://openssl.org/news/secadv/20160301.txt
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0797.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0797.json
https://api.first.org/data/v1/epss?cve=CVE-2016-0797
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c175308407858afff3fc8c2e5e085d94d12edc7d
https://git.openssl.org/?p=openssl.git;a=commit;h=c175308407858afff3fc8c2e5e085d94d12edc7d
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://kc.mcafee.com/corporate/index?page=content&id=SB10156
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://ubuntu.com/security/notices/USN-2914-1
https://www.openssl.org/news/secadv/20160301.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.debian.org/security/2016/dsa-3500
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83763
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.ubuntu.com/usn/USN-2914-1
1311880 https://bugzilla.redhat.com/show_bug.cgi?id=1311880
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2016-0797 https://nvd.nist.gov/vuln/detail/CVE-2016-0797
RHSA-2016:0301 https://access.redhat.com/errata/RHSA-2016:0301
RHSA-2016:0302 https://access.redhat.com/errata/RHSA-2016:0302
RHSA-2016:0379 https://access.redhat.com/errata/RHSA-2016:0379
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
USN-2914-1 https://usn.ubuntu.com/2914-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10156
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0797
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0797
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0797
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94140
EPSS Score 0.06932
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.