Description The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Exploitability: 3.9 | Impact: 4.2 Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High
Affected Packages7 packages Show 2 more packages
🔴 Vulnerability Details2 GHSA GHSA-9p7f-7v7j-rq7j: The X509_NAME_oneline function in crypto/x509/x509_obj ↗ 2022-05-14 ▶ OSV CVE-2016-2176: The X509_NAME_oneline function in crypto/x509/x509_obj ↗ 2016-05-05 ▶
💥 Exploits & PoCs4 Metasploit Microsoft Exchange ProxyLogon Collector ↗ ▶ Metasploit Microsoft Exchange ProxyLogon Scanner ↗ ▶ Metasploit Microsoft Exchange ProxyShell RCE ↗ ▶ Metasploit Microsoft Exchange ProxyLogon RCE ↗ ▶
📋 Vendor Advisories10 Palo Alto PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent ↗ 2024-11-07 ▶ CISA ICS Siemens SCALANCE X-200RNA Switch Devices ↗ 2022-12-19 ▶ Palo Alto PAN-SA-2016-0023 OpenSSL Vulnerabilities ↗ 2016-09-02 ▶ Palo Alto PAN-SA-2016-0020 OpenSSL Vulnerabilities ↗ 2016-08-15 ▶ Apple CVE-2016-2176: OS X El Capitan v10.11.6 and Security Update 2016-004 ↗ 2016-07-18 ▶ Show 5 more
🕵️ Threat Intelligence1 Tenable [R5] OpenSSL '20160503' Advisory Affects Tenable Products ↗ 2016-05-18 ▶
💬 Community2 HackerOne EBCDIC overread (CVE-2016-2176) ↗ 2016-05-03 ▶ Bugzilla CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline() ↗ 2016-04-28 ▶