CVE-2016-2108

Опубликовано: 05 мая 2016

Источник: ubuntu

Приоритет: high

CVSS2: 10

CVSS3: 9.8

Описание

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Релиз	Статус	Примечание
artful	released	1.0.2g-1ubuntu5
bionic	released	1.0.2g-1ubuntu5
cosmic	released	1.0.2g-1ubuntu5
devel	released	1.0.2g-1ubuntu5
disco	released	1.0.2g-1ubuntu5
esm-infra-legacy/trusty	not-affected	1.0.1f-1ubuntu2.19
esm-infra/bionic	not-affected	1.0.2g-1ubuntu5
esm-infra/xenial	not-affected	1.0.2g-1ubuntu4.1
precise	released	1.0.1-4ubuntu5.36
precise/esm	not-affected	1.0.1-4ubuntu5.36

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was needs-triage

Показывать по

Ссылки на источники

10 Critical

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2016-2108

CVSS3: 5.6

redhat

около 9 лет назад

CVE-2016-2108

CVSS3: 9.8

nvd

около 9 лет назад

CVE-2016-2108

CVSS3: 9.8

debian

около 9 лет назад

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0 ...

GHSA-cf8v-cq93-65gh

CVSS3: 9.8

github

около 3 лет назад

ELSA-2016-1137

oracle-oval

около 9 лет назад

ELSA-2016-1137: openssl security update (IMPORTANT)

10 Critical

CVSS2

9.8 Critical

CVSS3

CVE-2016-2108

Описание

Пакет openssl

Пакет openssl098

Ссылки на источники

Связанные уязвимости