CVE-2016-2180

Published: 21 Jul 2016
Source: redhat
CVSS3: 5.1
CVSS2: 1.9
EPSS: Low

Description

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Not affected | | |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | | |
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | | |
| Red Hat JBoss Core Services | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 3 | openssl | Not affected | | |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1359615 OpenSSL: OOB read in TS_OBJ_print_bio()

EPSS

Percentile: 89%
0.04718
Low

CVSS3: 5.1 Medium

CVSS2: 1.9 Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 9 years ago

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

CVSS3: 7.5
nvd
almost 9 years ago

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

CVSS3: 7.5
debian
almost 9 years ago

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Publi ...

CVSS3: 7.5
github
about 3 years ago

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

CVSS3: 7.5
fstec
almost 9 years ago

Vulnerability in the ts_obj_print_bio function of the OpenSSL library that allows an attacker to cause a denial of service
