CVE-2016-2182 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
hp	icewall_federation_agent	3.0
hp	icewall_mcrp	3.0
hp	icewall_sso	10.0
hp	icewall_sso	10.0
hp	icewall_sso_agent_option	10.0
openssl	openssl	1.0.1
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j
openssl	openssl	1.0.1k:k
openssl	openssl	1.0.1l:l
openssl	openssl	1.0.1m:m
openssl	openssl	1.0.1n:n
openssl	openssl	1.0.1o:o
openssl	openssl	1.0.1p:p
openssl	openssl	1.0.1q:q
openssl	openssl	1.0.1r:r
openssl	openssl	1.0.1s:s
openssl	openssl	1.0.1t:t
openssl	openssl	1.0.2
openssl	openssl	1.0.2a:a
openssl	openssl	1.0.2b:b
openssl	openssl	1.0.2c:c
openssl	openssl	1.0.2d:d
openssl	openssl	1.0.2e:e
openssl	openssl	1.0.2f:f
openssl	openssl	1.0.2g:g
openssl	openssl	1.0.2h:h

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

disco	Fixed 1.0.2g-1ubuntu9 released
cosmic	Fixed 1.0.2g-1ubuntu9 released
bionic	Fixed 1.0.2g-1ubuntu9 released
artful	Fixed 1.0.2g-1ubuntu9 released
zesty	Fixed 1.0.2g-1ubuntu9 released
yakkety	Fixed 1.0.2g-1ubuntu9 released
xenial	Fixed 1.0.2g-1ubuntu4.4 released
trusty	Fixed 1.0.1f-1ubuntu2.20 released
precise	Fixed 1.0.1-4ubuntu5.37 released

openssl098

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://seclists.org/fulldisclosure/2017/Jul/31

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/92557

http://www.securitytracker.com/id/1036688

http://www.securitytracker.com/id/1037968

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

https://access.redhat.com/errata/RHSA-2018:2185

https://access.redhat.com/errata/RHSA-2018:2186

https://access.redhat.com/errata/RHSA-2018:2187

https://bto.bluecoat.com/security-advisory/sa132

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10171

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://source.android.com/security/bulletin/2017-03-01

https://source.android.com/security/bulletin/2017-03-01.html

https://support.f5.com/csp/article/K01276005

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://seclists.org/fulldisclosure/2017/Jul/31

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/92557

http://www.securitytracker.com/id/1036688

http://www.securitytracker.com/id/1037968

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

https://access.redhat.com/errata/RHSA-2018:2185

https://access.redhat.com/errata/RHSA-2018:2186

https://access.redhat.com/errata/RHSA-2018:2187

https://bto.bluecoat.com/security-advisory/sa132

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10171

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://source.android.com/security/bulletin/2017-03-01

https://source.android.com/security/bulletin/2017-03-01.html

https://support.f5.com/csp/article/K01276005

https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21