CVE-2016-2177 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
hp	icewall_mcrp	3.0
hp	icewall_sso	10.0
hp	icewall_sso	10.0
hp	icewall_sso_agent_option	10.0
openssl	openssl	1.0.1
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j
openssl	openssl	1.0.1k:k
openssl	openssl	1.0.1l:l
openssl	openssl	1.0.1m:m
openssl	openssl	1.0.1n:n
openssl	openssl	1.0.1o:o
openssl	openssl	1.0.1p:p
openssl	openssl	1.0.1q:q
openssl	openssl	1.0.1r:r
openssl	openssl	1.0.1s:s
openssl	openssl	1.0.1t:t
openssl	openssl	1.0.2
openssl	openssl	1.0.2a:a
openssl	openssl	1.0.2b:b
openssl	openssl	1.0.2c:c
openssl	openssl	1.0.2d:d
openssl	openssl	1.0.2e:e
openssl	openssl	1.0.2f:f
openssl	openssl	1.0.2g:g
openssl	openssl	1.0.2h:h
oracle	solaris	11.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

disco	Fixed 1.0.2g-1ubuntu9 released
cosmic	Fixed 1.0.2g-1ubuntu9 released
bionic	Fixed 1.0.2g-1ubuntu9 released
artful	Fixed 1.0.2g-1ubuntu9 released
zesty	Fixed 1.0.2g-1ubuntu9 released
yakkety	Fixed 1.0.2g-1ubuntu9 released
xenial	Fixed 1.0.2g-1ubuntu4.4 released
wily	ignored
trusty	Fixed 1.0.1f-1ubuntu2.22 released
precise	Fixed 1.0.1-4ubuntu5.39 released

openssl098

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
wily	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/fulldisclosure/2017/Jul/31

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.openwall.com/lists/oss-security/2016/06/08/9

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/archive/1/540957/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded

http://www.securityfocus.com/bid/91319

http://www.securitytracker.com/id/1036088

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

http://www.ubuntu.com/usn/USN-3181-1

https://access.redhat.com/errata/RHSA-2017:0193

https://access.redhat.com/errata/RHSA-2017:0194

https://access.redhat.com/errata/RHSA-2017:1658

https://bto.bluecoat.com/security-advisory/sa132

https://bugzilla.redhat.com/show_bug.cgi?id=1341705

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10165

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://security.gentoo.org/glsa/201612-16

https://support.f5.com/csp/article/K23873366

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/fulldisclosure/2017/Jul/31

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.openwall.com/lists/oss-security/2016/06/08/9

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/archive/1/540957/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded

http://www.securityfocus.com/bid/91319

http://www.securitytracker.com/id/1036088

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

http://www.ubuntu.com/usn/USN-3181-1

https://access.redhat.com/errata/RHSA-2017:0193

https://access.redhat.com/errata/RHSA-2017:0194

https://access.redhat.com/errata/RHSA-2017:1658

https://bto.bluecoat.com/security-advisory/sa132

https://bugzilla.redhat.com/show_bug.cgi?id=1341705

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10165

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://security.gentoo.org/glsa/201612-16

https://support.f5.com/csp/article/K23873366

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21