Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

CVE-2016-2105

Status Candidate

Overview

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Related Files

HP Security Bulletin HPESBHF03765 1
Posted Jul 26, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03765 1 - Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | c683a7b3bfd4e5f33311dd9c4610914c
HP Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 500b8f2098c44c7b3a1c12a8c1e13b95
Red Hat Security Advisory 2016-2957-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-1148, CVE-2014-3523, CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3185, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
MD5 | 6a499e1d0b21844f40be708a5b2487c4
Gentoo Linux Security Advisory 201612-16
Posted Dec 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-16 - Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less than 1.0.2j are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2183, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-7052
MD5 | f5124381acc5c4e9deed16a7d0aaf863
HP Security Bulletin HPSBMU03653 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss
systems | linux, windows
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-3739, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4342, CVE-2016-4343, CVE-2016-4393, CVE-2016-4394, CVE-2016-4395, CVE-2016-4396, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-5385, CVE-2016-5387, CVE-2016-5388
MD5 | b0a00ddd465b7222f8adb6967f5ebc81
Red Hat Security Advisory 2016-2073-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2073-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | cd7ac945ed5a0a668c9947cebcef2660
Red Hat Security Advisory 2016-2056-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2056-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 1ea1f4a4c42e4264c025287799499055
Red Hat Security Advisory 2016-2055-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2055-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 0b9225a8efe500fbba09cd0ae097ee1e
Red Hat Security Advisory 2016-2054-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2054-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | d2e4c1a95f2124cc43b256a3aa2e0eaf
Red Hat Security Advisory 2016-1650-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2015-0204, CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
MD5 | 561d1b2b9dcfc2be2571b310eefc869c
Red Hat Security Advisory 2016-1649-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
MD5 | d2afc0a91c544823c784ebc3ebe9d97c
Red Hat Security Advisory 2016-1648-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
MD5 | 0b6f43fdf6e1ec3cd95e14894b2bd511
Apple Security Advisory 2016-07-18-1
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2014-9862, CVE-2016-0718, CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607
MD5 | 596904cffbf32a317a758cee9c7b9650
Red Hat Security Advisory 2016-0996-01
Posted May 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0996-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | 53cebf0cff9310fb1df58e16416150e3
Red Hat Security Advisory 2016-0722-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | bd6dcebb73d8d4732aa9bbb65c976218
FreeBSD Security Advisory - FreeBSD-SA-16:17.openssl
Posted May 5, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109
MD5 | 0cd350926d2b0a4e5eb3cc47ba9a5d7d
Slackware Security Advisory - openssl Updates
Posted May 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 874179d01a49177c232e24f81614669e
OpenSSL Toolkit 1.0.2h
Posted May 3, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes to prevent padding oracle in AES-NI CBC MAC check. Fixed various overflows and other security issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
MD5 | 9392e65072ce4b614c1392eefc1f23d0
Ubuntu Security Notice USN-2959-1
Posted May 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
MD5 | 4925406da94e0165485ac54ee227166b
Debian Security Advisory 3566-1
Posted May 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 2c73861f374ae26a66c6684a585a8fed
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close