Denial of Service in OpenSSL Affects Multiple Products
CVE-2016-7052

7.5HIGH

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Module For Web Scripting
Vendor: CVE Published:; 26 September 2016

What is CVE-2016-7052?

A vulnerability in OpenSSL version 1.0.2i can be exploited by remote attackers to trigger a denial of service through a CRL (Certificate Revocation List) operation. This exploitation leads to a NULL pointer dereference, which in turn results in application crashes. Systems utilizing this version of OpenSSL are at risk, necessitating prompt updates to secure their operations.

References

https://www.tenable.com/security/tns-2016-20

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

https://www.openssl.org/news/secadv/20160926.txt

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2016
Vulnerability Reserved
Aug 23, 2016

Novell

What is CVE-2016-7052?

References

EPSS Score

CVSS V3.1

Timeline