CVE-2016-0705
03.03.2016, 20:59
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oracle | mysql | 5.6.0 ≤ 𝑥 ≤ 5.6.29 |
| oracle | mysql | 5.7.0 ≤ 𝑥 ≤ 5.7.11 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1:beta1 |
| openssl | openssl | 1.0.1:beta2 |
| openssl | openssl | 1.0.1:beta3 |
| openssl | openssl | 1.0.1a:a |
| openssl | openssl | 1.0.1b:b |
| openssl | openssl | 1.0.1c:c |
| openssl | openssl | 1.0.1d:d |
| openssl | openssl | 1.0.1e:e |
| openssl | openssl | 1.0.1f:f |
| openssl | openssl | 1.0.1g:g |
| openssl | openssl | 1.0.1h:h |
| openssl | openssl | 1.0.1i:i |
| openssl | openssl | 1.0.1j:j |
| openssl | openssl | 1.0.1k:k |
| openssl | openssl | 1.0.1l:l |
| openssl | openssl | 1.0.1m:m |
| openssl | openssl | 1.0.1n:n |
| openssl | openssl | 1.0.1o:o |
| openssl | openssl | 1.0.1p:p |
| openssl | openssl | 1.0.1q:q |
| openssl | openssl | 1.0.1r:r |
| openssl | openssl | 1.0.2 |
| openssl | openssl | 1.0.2:beta1 |
| openssl | openssl | 1.0.2:beta2 |
| openssl | openssl | 1.0.2:beta3 |
| openssl | openssl | 1.0.2a:a |
| openssl | openssl | 1.0.2b:b |
| openssl | openssl | 1.0.2c:c |
| openssl | openssl | 1.0.2d:d |
| openssl | openssl | 1.0.2e:e |
| openssl | openssl | 1.0.2f:f |
| android | 4.0 | |
| android | 4.0.1 | |
| android | 4.0.2 | |
| android | 4.0.3 | |
| android | 4.0.4 | |
| android | 4.1 | |
| android | 4.1.2 | |
| android | 4.2 | |
| android | 4.2.1 | |
| android | 4.2.2 | |
| android | 4.3 | |
| android | 4.3.1 | |
| android | 4.4 | |
| android | 4.4.1 | |
| android | 4.4.2 | |
| android | 4.4.3 | |
| android | 5.0 | |
| android | 5.0.1 | |
| android | 5.1 | |
| android | 5.1.0 | |
| android | 6.0 | |
| android | 6.0.1 | |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.10 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libopenssl-devel |
| ||||||||||||
| libopenssl-fips-provider |
| ||||||||||||
| openssl |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| java-1.8.0-ibm |
| ||||
| java-1.8.0-ibm-demo |
| ||||
| java-1.8.0-ibm-devel |
| ||||
| java-1.8.0-ibm-jdbc |
| ||||
| java-1.8.0-ibm-plugin |
| ||||
| java-1.8.0-ibm-src |
| ||||
| openssl |
| ||||
| openssl-devel |
| ||||
| openssl-libs |
| ||||
| openssl-perl |
| ||||
| openssl-static |
|
References