CVE-2016-2180

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2180
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2180.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2180
Downstream
Related
Published
2016-08-01T02:59:11Z
Modified
2025-09-30T02:10:42.410403Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The TSOBJprintbio function in crypto/ts/tslib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "crypto/ts/ts_lib.c"
            },
            "signature_type": "Line",
            "deprecated": false,
            "id": "CVE-2016-2180-0586fe61",
            "signature_version": "v1",
            "source": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a",
            "digest": {
                "line_hashes": [
                    "336675174083158084006826895339832663963",
                    "281413504828312712964861641128278023991",
                    "333921439718746670005585905731197360480",
                    "60517647528473954529734412498370010455",
                    "244477556658937098355774812612065706396",
                    "269782272574809713761326523668777661463"
                ],
                "threshold": 0.9
            }
        },
        {
            "target": {
                "function": "TS_OBJ_print_bio",
                "file": "crypto/ts/ts_lib.c"
            },
            "signature_type": "Function",
            "deprecated": false,
            "id": "CVE-2016-2180-857531b5",
            "signature_version": "v1",
            "source": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a",
            "digest": {
                "function_hash": "291316396250902221971467584909130329119",
                "length": 214.0
            }
        }
    ]
}