Out-of-bounds Write Vulnerability in OpenSSL Library
CVE-2016-2182

9.8CRITICAL

Key Information:

Vendor: HP
Status: Icewall Sso; Icewall Mcrp; Icewall Sso Agent Option; Icewall Federation Agent
Vendor: CVE Published:; 16 September 2016

Summary

The BN_bn2dec function in OpenSSL versions prior to 1.1.0 lacks adequate validation of the results from division operations. This oversight creates an avenue for remote attackers to exploit the vulnerability, potentially leading to denial of service through out-of-bounds writes and application crashes. Such exploits can occur via various, yet unspecified, vectors, compromising application stability and server integrity.

References

http://www.securitytracker.com/id/1036688

vdb-entry

https://www.tenable.com/security/tns-2016-20

https://access.redhat.com/errata/RHSA-2018:2185

vendor-advisory

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2016
Vulnerability Reserved
Jan 29, 2016