CVE-2016-7054
published 2017-05-04CVE-2016-7054: In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can…
PriorityP357high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
32.39%
98.1th percentile
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.1.0c-1 (bookworm) | openssl 1.1.0c-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
| openssl | openssl | >= 0 < 1.1.0c-1 | 1.1.0c-1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3rqr-v2gc-jxp4: In OpenSSL 1
ghsa_unreviewed·2022-05-17
CVE-2016-7054 [HIGH] CWE-284 GHSA-3rqr-v2gc-jxp4: In OpenSSL 1
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
OSV
CVE-2016-7054: In OpenSSL 1
osv·2017-05-04·CVSS 7.5
CVE-2016-7054 [HIGH] CVE-2016-7054: In OpenSSL 1
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
vendor_cisco·2016-11-14
CVE-2016-7053 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.”
Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
Red Hat
openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
vendor_redhat·2016-11-10·CVSS 7.5
CVE-2016-7054 [HIGH] CWE-122 openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 7) - Not affected
Package: OVMF (Red Hat Enterprise Linux 7) - Not affected
Package: openssl
Debian
CVE-2016-7054: openssl - In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 cipher...
vendor_debian·2016·CVSS 7.5
CVE-2016-7054 [HIGH] CVE-2016-7054: openssl - In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 cipher...
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Scope: local
bookworm: resolved (fixed in 1.1.0c-1)
bullseye: resolved (fixed in 1.1.0c-1)
forky: resolved (fixed in 1.1.0c-1)
sid: resolved (fixed in 1.1.0c-1)
trixie: resolved (fixed in 1.1.0c-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
vendor_cisco
CVE-2016-7054 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
CVE-2016-7054: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. Of these vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and one as “Low Severity.” Two of the vulnerabilities affect only recent OpenSSL versions in the 1.1.0 release series. The remaining Low Severity vulnerability affects OpenSSL versions in the 1.0.2 and 1.1.0 release series. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
CWE: CWE-1
No detection rules found.
arXiv
Verified Low-Level Programming Embedded in F*
arxiv_fulltext·2018-12-11
Verified Low-Level Programming Embedded in F*
papersize=8.5in,11in
Verified Low-Level Programming Embedded in
Jonathan Protzenko
Microsoft Research , USA
Jean-Karim Zinzindohoué
INRIA Paris , France
Aseem Rastogi
Microsoft Research , USA
Tahina Ramananandro
Microsoft Research , USA
Peng Wang
MIT CSAIL , USA
Santiago Zanella-Béguelin
Microsoft Research , USA
Antoine Delignat-Lavaud
Microsoft Research , USA
Catalin Hritcu
INRIA Paris , France
Karthikeyan Bhargavan
INRIA Paris , France
Cédric Fournet
Microsoft Research , USA
Nikhil Swamy
Microsoft Research , USA
\@shortauthorsProtzenko et.al.
CCSXML
10003752.10003790.10011741
Theory of computation Hoare logic
500
10003752.10003790.10011740
Theory of computation Type theory
300
10011007.10010940.10010992.10010993
Software and its engineering Correctness
500
10011007.10010940.1
Bugzilla
CVE-2016-7054 openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
bugzilla·2016-11-10·CVSS 7.5
CVE-2016-7054 [HIGH] CVE-2016-7054 openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
CVE-2016-7054 openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS
Quoting form the OpenSSL upstream advisory:
ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
Severity: High
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS
attack by corrupting larger payloads. This can result in an OpenSSL crash. This
issue is not considered to be exploitable beyond a DoS.
OpenSSL 1.1.0 users should upgrade to 1.1.0c
This issue does not affect OpenSSL versions prior to 1.1.0
This issue was reported to OpenSSL on 25th September 2016 by Robert
Święcki (Google Security Team), and was found using honggfuzz. The fix
was developed by Richard Levitte of the OpenSSL development team.
External References:
https://www.openssl.org/ne
Fortinet
An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)
blogs_fortinet·2018-01-12·CVSS 5.9
CVE-2017-3737 [MEDIUM] An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)
FORTIGUARD LABS THREAT RESEARCH
An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)
By Dehui Yin | January 12, 2018
OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project –can be exploited to make vulnerable SSL clients or remote SSL servers send clean application data without encryption.
This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an "error state" during an SSL handshake. In this paper the FortiGuard Labs team examines the root cause of this vulnerability.
The "error state" mechanis
Fortinet
Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054)
blogs_fortinet·2016-11-23·CVSS 7.5
CVE-2016-7054 [HIGH] Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054)
FORTIGUARD LABS THREAT RESEARCH
Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054)
By Dehui Yin | November 23, 2016
AHigh-Severity Heap Buffer Overflow vulnerability was recently fixed in a patch by Openssl Project. This vulnerability affects the remote SSL servers that support the ChaCha20-Poly1305 cipher suite, and can be exploited to crash the SSL service.
This High-Severity Heap Buffer Overflow vulnerability (CVE-2016-7054) is caused by an error when the ChaCha20-Poly1305 cipher suite is decrypting large amounts of application data. We will examine the root cause of this vulnerability in this post.
The ChaCha20-Poly1305 cipher suite is a new form of encryption which can improve mobile performance. It was introduced as a new feature in OpenSSL 1.1.x, and is s
http://www.securityfocus.com/bid/94238http://www.securitytracker.com/id/1037261https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_ushttps://www.exploit-db.com/exploits/40899/https://www.openssl.org/news/secadv/20161110.txthttp://www.securityfocus.com/bid/94238http://www.securitytracker.com/id/1037261https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_ushttps://www.exploit-db.com/exploits/40899/https://www.openssl.org/news/secadv/20161110.txt
2017-05-04
Published