CVE-2016-7053
published 2017-05-04CVE-2016-7053: In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling…
PriorityP346high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
21.68%
97.3th percentile
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.1.0c-1 (bookworm) | openssl 1.1.0c-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
vendor_cisco·2016-11-14
CVE-2016-7053 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.”
Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
Red Hat
openssl: CMS Null dereference vulnerability
vendor_redhat·2016-11-10·CVSS 7.5
CVE-2016-7053 [HIGH] CWE-476 openssl: CMS Null dereference vulnerability
openssl: CMS Null dereference vulnerability
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Package: openssl098e
Debian
CVE-2016-7053: openssl - In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can ...
vendor_debian·2016·CVSS 7.5
CVE-2016-7053 [HIGH] CVE-2016-7053: openssl - In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can ...
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
Scope: local
bookworm: resolved (fixed in 1.1.0c-1)
bullseye: resolved (fixed in 1.1.0c-1)
forky: resolved (fixed in 1.1.0c-1)
sid: resolved (fixed in 1.1.0c-1)
trixie: resolved (fixed in 1.1.0c-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
vendor_cisco
CVE-2016-7053 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
CVE-2016-7053: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.” Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
CWE: CWE-1
GHSA
GHSA-hp2v-mmp5-5mcx: In OpenSSL 1
ghsa_unreviewed·2022-05-17
CVE-2016-7053 [HIGH] CWE-476 GHSA-hp2v-mmp5-5mcx: In OpenSSL 1
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
OSV
CVE-2016-7053: In OpenSSL 1
osv·2017-05-04·CVSS 7.5
CVE-2016-7053 [HIGH] CVE-2016-7053: In OpenSSL 1
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/94244http://www.securitytracker.com/id/1037261https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_ushttps://www.openssl.org/news/secadv/20161110.txthttp://www.securityfocus.com/bid/94244http://www.securitytracker.com/id/1037261https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_ushttps://www.openssl.org/news/secadv/20161110.txt
2017-05-04
Published