CVE-2016-2105 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
opensuse	leap	42.1
opensuse	opensuse	13.2
oracle	mysql	5.6.0 ≤ 𝑥 ≤ 5.6.30
oracle	mysql	5.7.0 ≤ 𝑥 ≤ 5.7.12
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.2
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_workstation	7.0
apple	mac_os_x	10.11.5
openssl	openssl	1.0.1
openssl	openssl	1.0.1:beta1
openssl	openssl	1.0.1:beta2
openssl	openssl	1.0.1:beta3
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j
openssl	openssl	1.0.1k:k
openssl	openssl	1.0.1l:l
openssl	openssl	1.0.1m:m
openssl	openssl	1.0.1n:n
openssl	openssl	1.0.1o:o
openssl	openssl	1.0.1p:p
openssl	openssl	1.0.1q:q
openssl	openssl	1.0.1r:r
openssl	openssl	1.0.1s:s
openssl	openssl	1.0.2
openssl	openssl	1.0.2:beta1
openssl	openssl	1.0.2:beta2
openssl	openssl	1.0.2:beta3
openssl	openssl	1.0.2a:a
openssl	openssl	1.0.2b:b
openssl	openssl	1.0.2c:c
openssl	openssl	1.0.2d:d
openssl	openssl	1.0.2e:e
openssl	openssl	1.0.2f:f
openssl	openssl	1.0.2g:g
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
canonical	ubuntu_linux	16.04
nodejs	node.js	0.10.0 ≤ 𝑥 < 0.10.45
nodejs	node.js	0.12.0 ≤ 𝑥 < 0.12.14
nodejs	node.js	4.0.0 ≤ 𝑥 ≤ 4.1.2
nodejs	node.js	4.2.0 ≤ 𝑥 < 4.4.4
nodejs	node.js	5.0.0 ≤ 𝑥 < 5.11.1
nodejs	node.js	6.0.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

disco	Fixed 1.0.2g-1ubuntu5 released
cosmic	Fixed 1.0.2g-1ubuntu5 released
bionic	Fixed 1.0.2g-1ubuntu5 released
artful	Fixed 1.0.2g-1ubuntu5 released
zesty	Fixed 1.0.2g-1ubuntu5 released
yakkety	Fixed 1.0.2g-1ubuntu5 released
xenial	Fixed 1.0.2g-1ubuntu4.1 released
wily	Fixed 1.0.2d-0ubuntu1.5 released
trusty	Fixed 1.0.1f-1ubuntu2.19 released
precise	Fixed 1.0.1-4ubuntu5.36 released

openssl098

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
wily	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

http://rhn.redhat.com/errata/RHSA-2016-0722.html

http://rhn.redhat.com/errata/RHSA-2016-0996.html

http://rhn.redhat.com/errata/RHSA-2016-1648.html

http://rhn.redhat.com/errata/RHSA-2016-1649.html

http://rhn.redhat.com/errata/RHSA-2016-1650.html

http://rhn.redhat.com/errata/RHSA-2016-2056.html

http://rhn.redhat.com/errata/RHSA-2016-2073.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

http://www.debian.org/security/2016/dsa-3566

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/89757

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035721

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

http://www.ubuntu.com/usn/USN-2959-1

https://bto.bluecoat.com/security-advisory/sa123

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://kc.mcafee.com/corporate/index?page=content&id=SB10160

https://security.gentoo.org/glsa/201612-16

https://security.netapp.com/advisory/ntap-20160504-0001/

https://source.android.com/security/bulletin/pixel/2017-11-01

https://support.apple.com/HT206903

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

https://www.openssl.org/news/secadv/20160503.txt

https://www.tenable.com/security/tns-2016-18

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html

http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html

http://rhn.redhat.com/errata/RHSA-2016-0722.html

http://rhn.redhat.com/errata/RHSA-2016-0996.html

http://rhn.redhat.com/errata/RHSA-2016-1648.html

http://rhn.redhat.com/errata/RHSA-2016-1649.html

http://rhn.redhat.com/errata/RHSA-2016-1650.html

http://rhn.redhat.com/errata/RHSA-2016-2056.html

http://rhn.redhat.com/errata/RHSA-2016-2073.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

http://www.debian.org/security/2016/dsa-3566

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/89757

http://www.securityfocus.com/bid/91787

http://www.securitytracker.com/id/1035721

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103

http://www.ubuntu.com/usn/USN-2959-1

https://bto.bluecoat.com/security-advisory/sa123

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://kc.mcafee.com/corporate/index?page=content&id=SB10160

https://security.gentoo.org/glsa/201612-16

https://security.netapp.com/advisory/ntap-20160504-0001/

https://source.android.com/security/bulletin/pixel/2017-11-01

https://support.apple.com/HT206903

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

https://www.openssl.org/news/secadv/20160503.txt

https://www.tenable.com/security/tns-2016-18