CVE-2016-2177

9.8CRITICAL

Key Information:

Vendor: HP
Status: Icewall Sso; Icewall Mcrp; Icewall Sso Agent Option
Vendor: CVE Published:; 20 June 2016

Summary

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

References

https://www.tenable.com/security/tns-2016-20

http://www.splunk.com/view/SP-CAAAPUE

http://www.oracle.com/technetwork/security-advisory/cpuja...

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2016
Vulnerability Reserved
Jan 29, 2016