Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-0798

Опубликовано: 03 мар. 2016
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 7.8
CVSS3: 7.5

Описание

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

РелизСтатусПримечание
devel

released

1.0.2g-1ubuntu2
esm-infra-legacy/trusty

released

1.0.1f-1ubuntu2.18
esm-infra/xenial

released

1.0.2g-1ubuntu2
precise

released

1.0.1-4ubuntu5.35
trusty

released

1.0.1f-1ubuntu2.18
trusty/esm

released

1.0.1f-1ubuntu2.18
upstream

needs-triage

vivid/stable-phone-overlay

released

1.0.1f-1ubuntu11.6
vivid/ubuntu-core

released

1.0.1f-1ubuntu11.6
wily

released

1.0.2d-0ubuntu1.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [code not present]]
precise

not-affected

code not present
trusty

not-affected

code not present
trusty/esm

DNE

trusty was not-affected [code not present]
upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

xenial

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.26161
Средний

7.8 High

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-0798

redhat
почти 10 лет назад

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

nvd логотип

CVE-2016-0798

CVSS3: 7.5
nvd
почти 10 лет назад

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

debian логотип

CVE-2016-0798

CVSS3: 7.5
debian
почти 10 лет назад

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0 ...

github логотип

GHSA-8wvj-cwfq-pc44

CVSS3: 7.5
github
больше 3 лет назад

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

fstec логотип

BDU:2016-00633

fstec
почти 10 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 96%
0.26161
Средний

7.8 High

CVSS2

7.5 High

CVSS3