CVE-2016-7052

7.5HIGH

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Module For Web Scripting
Vendor: CVE Published:; 26 September 2016

Summary

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

References

https://www.tenable.com/security/tns-2016-20

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

https://www.openssl.org/news/secadv/20160926.txt

x_refsource_CONFIRM

EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2016
Vulnerability Reserved
Aug 23, 2016

Collectors

NVD DatabaseMitre Database