CVE-2016-2182

First published: Tue Aug 16 2016(Updated: )

An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/jbcs-httpd24-apache-commons-daemon	<0:1.1.0-1.redhat_2.1.jbcs.el6	0:1.1.0-1.redhat_2.1.jbcs.el6
redhat/jbcs-httpd24-apache-commons-daemon-jsvc	<1:1.1.0-1.redhat_2.jbcs.el6	1:1.1.0-1.redhat_2.jbcs.el6
redhat/jbcs-httpd24-apr	<0:1.6.3-14.jbcs.el6	0:1.6.3-14.jbcs.el6
redhat/jbcs-httpd24-apr-util	<0:1.6.1-9.jbcs.el6	0:1.6.1-9.jbcs.el6
redhat/jbcs-httpd24-httpd	<0:2.4.29-17.jbcs.el6	0:2.4.29-17.jbcs.el6
redhat/jbcs-httpd24-nghttp2	<0:1.29.0-8.jbcs.el6	0:1.29.0-8.jbcs.el6
redhat/jbcs-httpd24-openssl	<1:1.0.2n-11.jbcs.el6	1:1.0.2n-11.jbcs.el6
redhat/jbcs-httpd24-apache-commons-daemon	<0:1.1.0-1.redhat_2.1.jbcs.el7	0:1.1.0-1.redhat_2.1.jbcs.el7
redhat/jbcs-httpd24-apache-commons-daemon-jsvc	<1:1.1.0-1.redhat_2.jbcs.el7	1:1.1.0-1.redhat_2.jbcs.el7
redhat/jbcs-httpd24-apr	<0:1.6.3-14.jbcs.el7	0:1.6.3-14.jbcs.el7
redhat/jbcs-httpd24-apr-util	<0:1.6.1-9.jbcs.el7	0:1.6.1-9.jbcs.el7
redhat/jbcs-httpd24-httpd	<0:2.4.29-17.jbcs.el7	0:2.4.29-17.jbcs.el7
redhat/jbcs-httpd24-nghttp2	<0:1.29.0-8.jbcs.el7	0:1.29.0-8.jbcs.el7
redhat/jbcs-httpd24-openssl	<1:1.0.2n-11.jbcs.el7	1:1.0.2n-11.jbcs.el7
redhat/openssl	<0:1.0.1e-48.el6_8.3	0:1.0.1e-48.el6_8.3
redhat/openssl	<1:1.0.1e-51.el7_2.7	1:1.0.1e-51.el7_2.7
Hp Icewall Federation Agent	=3.0
Hp Icewall Mcrp	=3.0
HP IceWall SSO	=10.0
HP IceWall SSO	=10.0
HP IceWall SSO Agent Option	=10.0
OpenSSL OpenSSL	=1.0.1
OpenSSL OpenSSL	=1.0.1a
OpenSSL OpenSSL	=1.0.1b
OpenSSL OpenSSL	=1.0.1c
OpenSSL OpenSSL	=1.0.1d
OpenSSL OpenSSL	=1.0.1e
OpenSSL OpenSSL	=1.0.1f
OpenSSL OpenSSL	=1.0.1g
OpenSSL OpenSSL	=1.0.1h
OpenSSL OpenSSL	=1.0.1i
OpenSSL OpenSSL	=1.0.1j
OpenSSL OpenSSL	=1.0.1k
OpenSSL OpenSSL	=1.0.1l
OpenSSL OpenSSL	=1.0.1m
OpenSSL OpenSSL	=1.0.1n
OpenSSL OpenSSL	=1.0.1o
OpenSSL OpenSSL	=1.0.1p
OpenSSL OpenSSL	=1.0.1q
OpenSSL OpenSSL	=1.0.1r
OpenSSL OpenSSL	=1.0.1s
OpenSSL OpenSSL	=1.0.1t
OpenSSL OpenSSL	=1.0.2
OpenSSL OpenSSL	=1.0.2a
OpenSSL OpenSSL	=1.0.2b
OpenSSL OpenSSL	=1.0.2c
OpenSSL OpenSSL	=1.0.2d
OpenSSL OpenSSL	=1.0.2e
OpenSSL OpenSSL	=1.0.2f
OpenSSL OpenSSL	=1.0.2g
OpenSSL OpenSSL	=1.0.2h
Oracle Linux	=5
Oracle Linux	=6
Oracle Linux	=7
redhat/openssl	<1.0.1	1.0.1
redhat/openssl	<1.0.2	1.0.2
Google Android
debian/openssl		1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2

Remedy

https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-2182
agent/remedy
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/android-source
source/Android
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/hp
canonical/hp icewall federation agent
version/hp icewall federation agent/3.0
canonical/hp icewall mcrp
version/hp icewall mcrp/3.0
canonical/hp icewall sso
version/hp icewall sso/10.0
canonical/hp icewall sso agent option
version/hp icewall sso agent option/10.0
vendor/openssl
canonical/openssl openssl
version/openssl openssl/1.0.1
version/openssl openssl/1.0.1a
version/openssl openssl/1.0.1b
version/openssl openssl/1.0.1c
version/openssl openssl/1.0.1d
version/openssl openssl/1.0.1e
version/openssl openssl/1.0.1f
version/openssl openssl/1.0.1g
version/openssl openssl/1.0.1h
version/openssl openssl/1.0.1i
version/openssl openssl/1.0.1j
version/openssl openssl/1.0.1k
version/openssl openssl/1.0.1l
version/openssl openssl/1.0.1m
version/openssl openssl/1.0.1n
version/openssl openssl/1.0.1o
version/openssl openssl/1.0.1p
version/openssl openssl/1.0.1q
version/openssl openssl/1.0.1r
version/openssl openssl/1.0.1s
version/openssl openssl/1.0.1t
version/openssl openssl/1.0.2
version/openssl openssl/1.0.2a
version/openssl openssl/1.0.2b
version/openssl openssl/1.0.2c
version/openssl openssl/1.0.2d
version/openssl openssl/1.0.2e
version/openssl openssl/1.0.2f
version/openssl openssl/1.0.2g
version/openssl openssl/1.0.2h
vendor/oracle
canonical/oracle linux
version/oracle linux/5
version/oracle linux/6
version/oracle linux/7
vendor/google
canonical/google android
package-manager/debian

CVE-2016-2182

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact