what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2016-2106

Status Candidate

Overview

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Related Files

HPE Security Bulletin HPESBHF03765 1
Posted Jul 26, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03765 1 - Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | 022069972577db48d8cb81bb5e40218f836f168ecf9948fbce4699190ff05d6d
HPE Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | a0ee99b3d56b95fb9463524723438bd2b461df7691a15596db5994f5045fe8ec
Red Hat Security Advisory 2016-2957-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-1148, CVE-2014-3523, CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3185, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
SHA-256 | 74baff33a674c45e41ccf55a650db1510528f79d7721465b4047850b17a58f49
Gentoo Linux Security Advisory 201612-16
Posted Dec 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-16 - Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less than 1.0.2j are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2183, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-7052
SHA-256 | 267f0c13083d309d4f011bd2771d90788d5f04ad963b99fcd180d27463f73d7a
HP Security Bulletin HPSBMU03653 1
Posted Oct 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03653 1 - Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss
systems | linux, windows
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-3739, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4342, CVE-2016-4343, CVE-2016-4393, CVE-2016-4394, CVE-2016-4395, CVE-2016-4396, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-5385, CVE-2016-5387, CVE-2016-5388
SHA-256 | 8c670a2d763c2a2f7a69a05242741bdf9441d037d1584c704b9fdff983643e06
Red Hat Security Advisory 2016-2073-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2073-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
SHA-256 | 016924697aba2b3c0ed2a4b898dbf325da5ec9106c04351d7f374f3485979f2c
Red Hat Security Advisory 2016-2056-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2056-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
SHA-256 | ea553c08860849009667df96d4bb4ac9f9ed5393a7a1d6d2528f751f1ce0f397
Red Hat Security Advisory 2016-2055-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2055-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
SHA-256 | a7b2eb5a9c12ee9bc53605cee9a680c2b81ac5bb1418a9f70a03df56e04036ad
Red Hat Security Advisory 2016-2054-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2054-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
SHA-256 | 982c4a7bfd70d24e72be40bff675e274e81f1aba2542d3e8c93db025c8315296
Red Hat Security Advisory 2016-1650-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1650-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2015-0204, CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 1fdd97874e8f34357aa4e0e66133e9488d4279f97fb76a354f29754e7682ff4a
Red Hat Security Advisory 2016-1649-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1649-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 6f912c3eac60b24e5fcc49c83f0bc9b2f7d63a1d9a3b172fda35193e1fba6f6f
Red Hat Security Advisory 2016-1648-01
Posted Aug 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1648-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-3110, CVE-2016-5387
SHA-256 | 0fbbe7de26ce0f8882caf38888994f49325573c52f60f9e0cd5197f1f5fc4906
Apple Security Advisory 2016-07-18-1
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2014-9862, CVE-2016-0718, CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607
SHA-256 | a2d9354c4a7f6ea06efa521cdd6516fbf0a138a5ca0981e16938eab249ee9d7d
Red Hat Security Advisory 2016-0996-01
Posted May 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0996-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
SHA-256 | e30f7519e808449e16c91c662d98dc42f4e2dc6fc5bfc08f26313f72e14a7848
Red Hat Security Advisory 2016-0722-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
SHA-256 | 20a21fae0cd061a2508b8804879648afc5786156f2cbd54707709f649be74caf
FreeBSD Security Advisory - FreeBSD-SA-16:17.openssl
Posted May 5, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109
SHA-256 | 182b52531dd70de627d6fe99dbbd9fa0404b54c26fd1b7e6a5ebb96e63de362d
Slackware Security Advisory - openssl Updates
Posted May 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | 3f118981496e63886aa974525d1e2523667d8339e4be3f141768f5ce2db6fa52
OpenSSL Toolkit 1.0.2h
Posted May 3, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes to prevent padding oracle in AES-NI CBC MAC check. Fixed various overflows and other security issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
SHA-256 | 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
Ubuntu Security Notice USN-2959-1
Posted May 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
SHA-256 | 3fb297642dda424c9a2fdccf91144e60ea85032eaaa5c25bace6373ceec41e05
Debian Security Advisory 3566-1
Posted May 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
SHA-256 | c4d2a15eb0d1dceb59a021eef09bc9edd0bfe8717d7f9c3514d177c58c51295f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close