CVE-2016-2108
Severity
9.8CRITICAL
EPSS
37.0%
top 2.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 5
Latest updateMay 14
Description
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages8 packages
Also affects: Enterprise Linux 7.2
🔴Vulnerability Details
4📋Vendor Advisories
6Android▶
CVE-2016-2108: Android Security Bulletin 2016-07-01
CVE: CVE-2016-2108
Severity: CRITICAL
Affected AOSP versions: 4↗2016-07-01
💬Community
5Bugzilla▶
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 mingw-openssl: various flaws [epel-7]↗2016-05-03
Bugzilla▶
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 openssl: various flaws [fedora-all]↗2016-05-03
Bugzilla▶
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 mingw-openssl: various flaws [fedora-all]↗2016-05-03
Bugzilla▶
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 openssl101e: various flaws [epel-5]↗2016-05-03