CVE-2016-6304 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
openssl	openssl	1.0.2
openssl	openssl	1.0.2:beta1
openssl	openssl	1.0.2:beta2
openssl	openssl	1.0.2:beta3
openssl	openssl	1.0.2a:a
openssl	openssl	1.0.2b:b
openssl	openssl	1.0.2c:c
openssl	openssl	1.0.2d:d
openssl	openssl	1.0.2e:e
openssl	openssl	1.0.2f:f
openssl	openssl	1.0.2h:h
openssl	openssl	1.1.0
openssl	openssl	1.0.1
openssl	openssl	1.0.1:beta1
openssl	openssl	1.0.1:beta2
openssl	openssl	1.0.1:beta3
openssl	openssl	1.0.1a:a
openssl	openssl	1.0.1b:b
openssl	openssl	1.0.1c:c
openssl	openssl	1.0.1d:d
openssl	openssl	1.0.1e:e
openssl	openssl	1.0.1f:f
openssl	openssl	1.0.1g:g
openssl	openssl	1.0.1h:h
openssl	openssl	1.0.1i:i
openssl	openssl	1.0.1j:j
openssl	openssl	1.0.1k:k
openssl	openssl	1.0.1l:l
openssl	openssl	1.0.1m:m
openssl	openssl	1.0.1n:n
openssl	openssl	1.0.1o:o
openssl	openssl	1.0.1p:p
openssl	openssl	1.0.1q:q
openssl	openssl	1.0.1r:r
openssl	openssl	1.0.1s:s
openssl	openssl	1.0.1t:t
nodejs	node.js	0.10.0 ≤ 𝑥 < 0.10.47
nodejs	node.js	0.12.0 ≤ 𝑥 < 0.12.16
nodejs	node.js	4.0.0 ≤ 𝑥 < 4.6.0
nodejs	node.js	6.0.0 ≤ 𝑥 < 6.7.0
novell	suse_linux_enterprise_module_for_web_scripting	12.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

disco	Fixed 1.0.2g-1ubuntu9 released
cosmic	Fixed 1.0.2g-1ubuntu9 released
bionic	Fixed 1.0.2g-1ubuntu9 released
artful	Fixed 1.0.2g-1ubuntu9 released
zesty	Fixed 1.0.2g-1ubuntu9 released
yakkety	Fixed 1.0.2g-1ubuntu9 released
xenial	Fixed 1.0.2g-1ubuntu4.4 released
trusty	Fixed 1.0.1f-1ubuntu2.20 released
precise	Fixed 1.0.1-4ubuntu5.37 released

openssl098

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://rhn.redhat.com/errata/RHSA-2016-2802.html

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/fulldisclosure/2016/Dec/47

http://seclists.org/fulldisclosure/2016/Oct/62

http://seclists.org/fulldisclosure/2017/Jul/31

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/93150

http://www.securitytracker.com/id/1036878

http://www.securitytracker.com/id/1037640

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1658

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://bto.bluecoat.com/security-advisory/sa132

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10171

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://security.gentoo.org/glsa/201612-16

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.openssl.org/news/secadv/20160922.txt

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html

http://rhn.redhat.com/errata/RHSA-2016-1940.html

http://rhn.redhat.com/errata/RHSA-2016-2802.html

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://rhn.redhat.com/errata/RHSA-2017-1659.html

http://seclists.org/fulldisclosure/2016/Dec/47

http://seclists.org/fulldisclosure/2016/Oct/62

http://seclists.org/fulldisclosure/2017/Jul/31

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.debian.org/security/2016/dsa-3673

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/93150

http://www.securitytracker.com/id/1036878

http://www.securitytracker.com/id/1037640

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://www.ubuntu.com/usn/USN-3087-1

http://www.ubuntu.com/usn/USN-3087-2

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1658

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://bto.bluecoat.com/security-advisory/sa132

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://kc.mcafee.com/corporate/index?page=content&id=SB10171

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

https://security.gentoo.org/glsa/201612-16

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://www.openssl.org/news/secadv/20160922.txt

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-20

https://www.tenable.com/security/tns-2016-21