CVE-2016-6306

Published Sep 26, 2016
Last updated a year ago
CVSS medium 5.9
Overview

Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-125
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9EC827B-5313-47D7-BF49-CFF033CF3D53"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A438E65F-33B1-46BC-AD93-200DCC6B43D4"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BFDCF78-62C1-429E-A43C-0C9FEC14837D"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A0B4DEF-C6E8-4243-9893-6E650013600C"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28CD4F7-522F-4ECA-9035-228596CDE769"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A491B32F-31F0-4151-AE9B-313CBF2C060D"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF4953B-BB23-4C80-8C48-9E94EB234AAE"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3261B40-5CBE-4AA6-990A-0A7BE96E5518"
          },
          {
            "criteria": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6AFB9DD-DA50-4F9D-B19D-160CA487D002"
          },
          {
            "criteria": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87037877-8506-4737-9F47-2CB687975B1C"
          },
          {
            "criteria": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD94C478-6F81-4F37-B7F3-61D8682EC593"
          },
          {
            "criteria": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531FE660-C1A9-4C83-90BE-E38AA493D4F7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "080F38F5-0A51-43BC-BC66-98545B31A0F2",
            "versionEndExcluding": "0.10.47",
            "versionStartIncluding": "0.10.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D",
            "versionEndExcluding": "0.12.16",
            "versionStartIncluding": "0.12.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A47FC4F7-1F77-4314-B4B3-3C5D8E335379",
            "versionEndIncluding": "4.1.2",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "303F780C-C971-4216-86D6-5026AAD56279",
            "versionEndExcluding": "4.6.0",
            "versionStartIncluding": "4.2.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "121E5D5D-B4D9-43F3-B5C9-74590192FAF1",
            "versionEndIncluding": "5.12.0",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8291D42E-9E50-414D-9752-D70906D512B2",
            "versionEndExcluding": "6.7.0",
            "versionStartIncluding": "6.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
