CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to reclayerd1.c and ssl3_record.c.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type

GIT

Repo

https://github.com/openssl/openssl

Events

Introduced

Last affected

888759a1d38197f29de7227876c3b58fbff8549f

Last affected

e818b74be2170fbe957a07b0da4401c2b694b3b8

Last affected

543e15a3c0139e6026ce194f8c8465fb9a559986

Last affected

fe707c3260cb44f5e7d701cf87e1197712ec7d43

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
        "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
        "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "last_affected": "1.0.1a"
        },
        {
            "last_affected": "1.0.1b"
        },
        {
            "last_affected": "1.0.1c"
        },
        {
            "last_affected": "1.0.1d"
        },
        {
            "last_affected": "1.0.1e"
        },
        {
            "last_affected": "1.0.1f"
        },
        {
            "last_affected": "1.0.1g"
        },
        {
            "last_affected": "1.0.1h"
        },
        {
            "last_affected": "1.0.1i"
        },
        {
            "last_affected": "1.0.1j"
        },
        {
            "last_affected": "1.0.1k"
        },
        {
            "last_affected": "1.0.1l"
        },
        {
            "last_affected": "1.0.1m"
        },
        {
            "last_affected": "1.0.1n"
        },
        {
            "last_affected": "1.0.1o"
        },
        {
            "last_affected": "1.0.1p"
        },
        {
            "last_affected": "1.0.1q"
        },
        {
            "last_affected": "1.0.1r"
        },
        {
            "last_affected": "1.0.1s"
        },
        {
            "last_affected": "1.0.1t"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "last_affected": "1.0.2a"
        },
        {
            "last_affected": "1.0.2b"
        },
        {
            "last_affected": "1.0.2c"
        },
        {
            "last_affected": "1.0.2d"
        },
        {
            "last_affected": "1.0.2e"
        },
        {
            "last_affected": "1.0.2f"
        },
        {
            "last_affected": "1.0.2g"
        },
        {
            "last_affected": "1.0.2h"
        },
        {
            "last_affected": "6"
        },
        {
            "last_affected": "7"
        }
    ]
}

Affected versions

Other

BEFORE_engine

BEN_FIPS_TEST_6

BEN_FIPS_TEST_7

OpenSSL_0_9_1c

OpenSSL_0_9_2b

OpenSSL_0_9_3

OpenSSL_0_9_3a

OpenSSL_0_9_3beta2

OpenSSL_0_9_4

OpenSSL_0_9_5a

OpenSSL_0_9_5a-beta1

OpenSSL_0_9_5a-beta2

OpenSSL_0_9_5beta1

OpenSSL_0_9_5beta2

OpenSSL_0_9_6-beta3

OpenSSL_0_9_7

OpenSSL_0_9_7-beta1

OpenSSL_0_9_7-beta2

OpenSSL_0_9_7-beta3

OpenSSL_0_9_7-beta4

OpenSSL_0_9_7-beta6

OpenSSL_0_9_7a

OpenSSL_0_9_7b

OpenSSL_0_9_7c

OpenSSL_0_9_7e

OpenSSL_1_0_1

OpenSSL_1_0_1-beta1

OpenSSL_1_0_1-beta2

OpenSSL_1_0_1-beta3

OpenSSL_1_0_1-post-auto-reformat

OpenSSL_1_0_1-post-reformat

OpenSSL_1_0_1-pre-auto-reformat

OpenSSL_1_0_1-pre-reformat

OpenSSL_1_0_1a

OpenSSL_1_0_1b

OpenSSL_1_0_1c

OpenSSL_1_0_1d

OpenSSL_1_0_1e

OpenSSL_1_0_1f

OpenSSL_1_0_1g

OpenSSL_1_0_1h

OpenSSL_1_0_1i

OpenSSL_1_0_1j

OpenSSL_1_0_1k

OpenSSL_1_0_1l

OpenSSL_1_0_1m

OpenSSL_1_0_1n

OpenSSL_1_0_1o

OpenSSL_1_0_1p

OpenSSL_1_0_1q

OpenSSL_1_0_1r

OpenSSL_1_0_1s

OpenSSL_1_0_1t

OpenSSL_1_0_1u

OpenSSL_1_0_2

OpenSSL_1_0_2-beta1

OpenSSL_1_0_2-beta2

OpenSSL_1_0_2-beta3

OpenSSL_1_0_2-post-auto-reformat

OpenSSL_1_0_2-post-reformat

OpenSSL_1_0_2-pre-auto-reformat

OpenSSL_1_0_2-pre-reformat

OpenSSL_1_0_2a

OpenSSL_1_0_2b

OpenSSL_1_0_2c

OpenSSL_1_0_2d

OpenSSL_1_0_2e

OpenSSL_1_0_2f

OpenSSL_1_0_2g

OpenSSL_1_0_2h

OpenSSL_1_0_2i

OpenSSL_1_0_2j

OpenSSL_1_0_2k

OpenSSL_1_0_2l

OpenSSL_1_0_2m

OpenSSL_1_0_2n

OpenSSL_1_0_2o

OpenSSL_1_0_2p

OpenSSL_1_0_2q

OpenSSL_1_0_2r

OpenSSL_1_0_2s

OpenSSL_1_0_2t

OpenSSL_1_0_2u

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2181.json"