CVE-2016-0799

CVSS V2 High 10 CVSS V3 Critical 9.8

Description

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

Overview

CVE ID
CVE-2016-0799

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2016-03-03T20:59:03

Last Modified Date
2022-12-13T12:15:19

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:openssl:openssl:1.0.1:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1m:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1n:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1o:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1p:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1q:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.1r:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::	1	OR
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*	1	OR
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*	1	OR
cpe:2.3:a:pulsesecure:client:-:::::android::	1	OR
cpe:2.3:a:pulsesecure:client:-:::::iphone_os::	1	OR
cpe:2.3:a:pulsesecure:steel_belted_radius:-:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
9.8

Base Severity
CRITICAL

Exploitability Score
3.9

Impact Score
5.9

References

Reference URL	Reference Tags
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://marc.info/?l=bugtraq&m=145983526810210&w=2
http://marc.info/?l=bugtraq&m=146108058503441&w=2
http://openssl.org/news/secadv/20160301.txt	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-0722.html
http://rhn.redhat.com/errata/RHSA-2016-0996.html
http://rhn.redhat.com/errata/RHSA-2016-2073.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
http://www.debian.org/security/2016/dsa-3500
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/83755
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1035133
http://www.ubuntu.com/usn/USN-2914-1
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
https://www.openssl.org/news/secadv/20160301.txt

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2016-0799
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:52:40				Added to TrackCVE
2022-12-02 08:31:30	2016-03-03T20:59Z	2016-03-03T20:59:03	CVE Published Date	updated
2022-12-02 08:31:30		2018-01-05T02:30:30	CVE Modified Date	updated
2022-12-02 08:31:30		Modified	Vulnerability Status	updated
2022-12-13 13:07:38		2022-12-13T12:15:19	CVE Modified Date	updated
2022-12-13 13:07:41			References	updated
2023-01-19 15:04:25	Modified	Undergoing Analysis	Vulnerability Status	updated
2023-01-20 15:05:12	Undergoing Analysis	Modified	Vulnerability Status	updated