CVE-2016-0798

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-0798

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0798.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-0798

Related

Published

2016-03-03T20:59:02Z

Modified

2024-09-11T03:36:39.347772Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Memory leak in the SRPVBASEgetbyuser implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/sserver.c and crypto/srp/srpvfy.c.

References

Affected packages

Debian:11 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name: openssl
Purl: pkg:deb/debian/openssl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openssl/openssl

Affected ranges

Type: GIT
Repo: https://github.com/openssl/openssl
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

08e4c7a967cc9d82264d125440d8b17b912bd250

Last affected

2c5db8dac3a06fe5b2c889838a606138ee3542ed

Last affected

2f63ad1c6daa61614f3d58de0889bf68e9f75853

Last affected

888759a1d38197f29de7227876c3b58fbff8549f

Last affected

94f416601754dbe65e287f8e1eca01fa32f74a7a

Last affected

ab585551c0a577d9a91825d446465905a5ea17e3

Last affected

e2dfb655f798831ffb29242ad804013ddb0c5d5b

Last affected

e818b74be2170fbe957a07b0da4401c2b694b3b8

Affected versions

Other

BEFORE_engine

OpenSSL_0_9_1c

OpenSSL_0_9_2b

OpenSSL_0_9_3

OpenSSL_0_9_3a

OpenSSL_0_9_3beta2

OpenSSL_0_9_4

OpenSSL_0_9_5a

OpenSSL_0_9_5a-beta1

OpenSSL_0_9_5a-beta2

OpenSSL_0_9_5beta1

OpenSSL_0_9_5beta2

OpenSSL_0_9_6-beta3

OpenSSL_1_0_0

OpenSSL_1_0_0-beta1

OpenSSL_1_0_0-beta2

OpenSSL_1_0_0-beta3

OpenSSL_1_0_0-beta4

OpenSSL_1_0_0-beta5

OpenSSL_1_0_0a

OpenSSL_1_0_1-beta1

OpenSSL_1_0_1-beta2

OpenSSL_1_0_1-beta3