Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-0705

Опубликовано: 18 фев. 2016
Источник: redhat
CVSS2: 2.6
EPSS Средний

Описание

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Linux Extended Update Support 6.7guest-imagesAffected
Red Hat Enterprise Linux Extended Update Support 7.2rhel-guest-imageAffected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 2opensslNot affected
Red Hat JBoss Enterprise Web Server 3opensslAffected
Red Hat Enterprise Linux 6opensslFixedRHSA-2016:030101.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1310596OpenSSL: Double-free in DSA code

EPSS

Процентиль: 95%
0.20656
Средний

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-0705

CVSS3: 9.8
ubuntu
больше 9 лет назад

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

nvd логотип

CVE-2016-0705

CVSS3: 9.8
nvd
больше 9 лет назад

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

debian логотип

CVE-2016-0705

CVSS3: 9.8
debian
больше 9 лет назад

Double free vulnerability in the dsa_priv_decode function in crypto/ds ...

github логотип

GHSA-jq9m-v5x9-ppg9

CVSS3: 9.8
github
около 3 лет назад

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

fstec логотип

BDU:2016-00631

fstec
больше 9 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

EPSS

Процентиль: 95%
0.20656
Средний

2.6 Low

CVSS2

Уязвимость CVE-2016-0705