CVE-2016-0798
published 2016-03-03CVE-2016-0798: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of…
PriorityP345high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
24.41%
97.6th percentile
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.0.2g-1 (bookworm) | openssl 1.0.2g-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu5.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
BSD
FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2016-03-10·CVSS 5.1
CVE-2016-0702 [MEDIUM] FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-16:12.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-03-10
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
CVE Name: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco·2016-03-02
CVE-2016-0702 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.
DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.
To execute a successful DROWN attack, the attacker m
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2016-03-01·CVSS 5.1
CVE-2016-0702 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was
vulnerable to a side-channel attack on modular exponentiation. On certain
CPUs, a local attacker could possibly use this issue to recover RSA keys.
This flaw is known as CacheBleed. (CVE-2016-0702)
Adam Langley discovered that OpenSSL incorrectly handled memory when
parsing DSA private keys. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0705)
Guido Vranken discovered that OpenSSL incorrectly handled hex digit
calculation in the BN_hex2bn function. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a d
Red Hat
OpenSSL: Avoid memory leak in SRP
vendor_redhat·2016-02-25·CVSS 7.5
CVE-2016-0798 [HIGH] OpenSSL: Avoid memory leak in SRP
OpenSSL: Avoid memory leak in SRP
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
A memory leak flaw was found in the way OpenSSL performed SRP user database look-ups using the SRP_VBASE_get_by_user() function. A remote attacker connecting to certain SRP servers with an invalid user name could leak approximately 300 bytes of the server's memory per connection.
Statement: This issue does not affect the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 6 and 7, since these packages are compiled without SRP support.
Package: openssl (R
Debian
CVE-2016-0798: openssl - Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before ...
vendor_debian·2016·CVSS 7.5
CVE-2016-0798 [HIGH] CVE-2016-0798: openssl - Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before ...
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
Scope: local
bookworm: resolved (fixed in 1.0.2g-1)
bullseye: resolved (fixed in 1.0.2g-1)
forky: resolved (fixed in 1.0.2g-1)
sid: resolved (fixed in 1.0.2g-1)
trixie: resolved (fixed in 1.0.2g-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco
CVE-2016-0798 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
CVE-2016-0798: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, th
GHSA
GHSA-8wvj-cwfq-pc44: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1
ghsa_unreviewed·2022-05-17
CVE-2016-0798 [HIGH] GHSA-8wvj-cwfq-pc44: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
OSV
CVE-2016-0798: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1
osv·2016-03-03·CVSS 7.5
CVE-2016-0798 [HIGH] CVE-2016-0798: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
OSV
openssl vulnerabilities
osv·2016-03-01·CVSS 5.1
CVE-2016-0702 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was
vulnerable to a side-channel attack on modular exponentiation. On certain
CPUs, a local attacker could possibly use this issue to recover RSA keys.
This flaw is known as CacheBleed. (CVE-2016-0702)
Adam Langley discovered that OpenSSL incorrectly handled memory when
parsing DSA private keys. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0705)
Guido Vranken discovered that OpenSSL incorrectly handled hex digit
calculation in the BN_hex2bn function. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-0798 OpenSSL: Avoid memory leak in SRP
bugzilla·2016-02-25·CVSS 7.5
CVE-2016-0798 [HIGH] CVE-2016-0798 OpenSSL: Avoid memory leak in SRP
CVE-2016-0798 OpenSSL: Avoid memory leak in SRP
As per Upstream advisory:
The SRP user database lookup method SRP_VBASE_get_by_user had
confusing memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no way of
distinguishing these two cases.
Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection. Servers that do not configure SRP, or
configure SRP but do not configure a seed are not vulnerable.
In Apache, the seed directive is known as SSLSRPUnknownUserSeed.
To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now
Tenable
[R12] OpenSSL '20160301' Advisory Affects Tenable Products
blogs_tenable·2016-03-02
[R12] OpenSSL '20160301' Advisory Affects Tenable Products
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlhttp://openssl.org/news/secadv/20160301.txthttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslhttp://www.debian.org/security/2016/dsa-3500http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/83705http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1035133http://www.ubuntu.com/usn/USN-2914-1https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_ushttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.aschttps://security.gentoo.org/glsa/201603-15https://www.openssl.org/news/secadv/20160301.txthttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlhttp://openssl.org/news/secadv/20160301.txthttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-opensslhttp://www.debian.org/security/2016/dsa-3500http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/83705http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1035133http://www.ubuntu.com/usn/USN-2914-1https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_ushttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.aschttps://security.gentoo.org/glsa/201603-15https://www.openssl.org/news/secadv/20160301.txt
2016-03-03
Published