CVE-2016-0705

CWE-415: Double Free

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 9 years ago: 2016-03-03 20:59:00

Last updated 6 years ago: 2019-02-20 16:59:00

Affected Software

Oracle MySQL -

OpenSSL Project OpenSSL 1.0.1

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta1

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta2

1.0.1

OpenSSL Project OpenSSL 1.0.1 Beta3

1.0.1

OpenSSL Project OpenSSL 1.0.1a

1.0.1a

OpenSSL Project OpenSSL 1.0.1b

1.0.1b

OpenSSL Project OpenSSL 1.0.1c

1.0.1c

OpenSSL Project OpenSSL 1.0.1d

1.0.1d

OpenSSL Project OpenSSL 1.0.1e

1.0.1e

OpenSSL Project OpenSSL 1.0.1f

1.0.1f

OpenSSL Project OpenSSL 1.0.1g

1.0.1g

OpenSSL Project OpenSSL 1.0.1h

1.0.1h

OpenSSL Project OpenSSL 1.0.1i

1.0.1i

OpenSSL Project OpenSSL 1.0.1j

1.0.1j

OpenSSL Project OpenSSL 1.0.1k

1.0.1k

OpenSSL Project OpenSSL 1.0.1l

1.0.1l

OpenSSL OpenSSL 1.0.1m

1.0.1m

OpenSSL Project OpenSSL 1.0.1n

1.0.1n

OpenSSL Project OpenSSL 1.0.1o

1.0.1o

OpenSSL OpenSSL 1.0.1p

1.0.1p

OpenSSL 1.0.1q

1.0.1q

OpenSSL 1.0.1r

1.0.1r

OpenSSL Project OpenSSL 1.0.2

1.0.2

OpenSSL Project OpenSSL 1.0.2-beta1

1.0.2

OpenSSL 1.0.2 Beta 2

1.0.2

OpenSSL 1.0.2 Beta 3

1.0.2

OpenSSL OpenSSL 1.0.2a

1.0.2a

OpenSSL Project OpenSSL 1.0.2b

1.0.2b

OpenSSL Project OpenSSL 1.0.2c

1.0.2c

OpenSSL OpenSSL 1.0.2d

1.0.2d

OpenSSL 1.0.2e

1.0.2e

OpenSSL 1.0.2f

1.0.2f

Google Android Operating System 4.0

4.0

Google Android Operating System 4.0.1

4.0.1

Google Android Operating System 4.0.2

4.0.2

Google Android Operating System 4.0.3

4.0.3

Google Android Operating System 4.0.4

4.0.4

Google Android Operating System 4.1

4.1

Google Android Operating System 4.1.2

4.1.2

Google Android Operating System 4.2 (Jelly Bean)

4.2

Google Android Operating System 4.2.1

4.2.1

Google Android Operating System 4.2.2

4.2.2

Google Android Operating System 4.3

4.3

Google Android Operating System 4.3.1

4.3.1

Google Android Operating System 4.4

4.4

Google Android Operating System 4.4.1

4.4.1

Google Android Operating System 4.4.2

4.4.2

Google Android Operating System 4.4.3

4.4.3

Google Android Operating System 5.0

5.0

Google Android 5.0.1

5.0.1

Google Android 5.1

5.1

Google Android 5.1.0

5.1.0

Google Android 6.0

6.0

Google Android 6.0.1

6.0.1

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.10

15.10

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

Third Party Advisory

FEDORA-2016-2802690366

Mailing List, Third Party Advisory

FEDORA-2016-e6807b3394

Mailing List, Third Party Advisory

SUSE-SU-2016:0617

Mailing List, Third Party Advisory

SUSE-SU-2016:0620

Mailing List, Third Party Advisory

SUSE-SU-2016:0621

Mailing List, Third Party Advisory

SUSE-SU-2016:0624

Mailing List, Third Party Advisory

openSUSE-SU-2016:0627

Mailing List, Third Party Advisory

openSUSE-SU-2016:0628

Mailing List, Third Party Advisory

SUSE-SU-2016:0631

Mailing List, Third Party Advisory

openSUSE-SU-2016:0637

Mailing List, Third Party Advisory

openSUSE-SU-2016:0638

Mailing List, Third Party Advisory

SUSE-SU-2016:1057

Mailing List, Third Party Advisory

openSUSE-SU-2016:1332

Mailing List, Third Party Advisory

openSUSE-SU-2016:1566

Mailing List, Third Party Advisory

HPSBGN03563

Mailing List, Third Party Advisory

HPSBGN03569

Mailing List, Third Party Advisory

HPSBMU03575

Mailing List, Third Party Advisory

http://openssl.org/news/secadv/20160301.txt

Vendor Advisory

RHSA-2016:2957

Third Party Advisory

http://source.android.com/security/bulletin/2016-05-01.html

Third Party Advisory

20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016

Third Party Advisory

DSA-3500

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Patch, Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch, Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Vendor Advisory

83754

Third Party Advisory, VDB Entry

91787

Third Party Advisory, VDB Entry

1035133

Third Party Advisory, VDB Entry

USN-2914-1

Third Party Advisory

RHSA-2018:2568

Third Party Advisory

RHSA-2018:2575

Third Party Advisory

RHSA-2018:2713

Third Party Advisory

https://git.openssl.org/?p=openssl.git;a=commit;h=6c88c71b4e4825c7bc0489306d062d017634eb88

Vendor Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Third Party Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168

Third Party Advisory

FreeBSD-SA-16:12

Vendor Advisory

GLSA-201603-15

Third Party Advisory

https://www.openssl.org/news/secadv/20160301.txt

Vendor Advisory
