Vulnerability Name: CVE-2016-2182

Assigned: 2016-08-16
Published: 2016-08-16
Updated: 2018-07-13
Summary: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVSS v3 Severity: 9.8 Critical (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
4.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
3.8 Low (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
6.2 Medium (REDHAT CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-787
References:
Source: CONFIRM
Type: VENDOR_ADVISORY
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

Source: REDHAT
Type: UNKNOWN
RHSA-2016:1940

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www-01.ibm.com/support/docview.wss?uid=swg21995039

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

Source: BID
Type: VENDOR_ADVISORY
92557

Source: SECTRACK
Type: UNKNOWN
1036688

Source: SECTRACK
Type: UNKNOWN
1037968

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.splunk.com/view/SP-CAAAPSV

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.splunk.com/view/SP-CAAAPUE

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2185

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2186

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2187

Source: CONFIRM
Type: VENDOR_ADVISORY
https://bto.bluecoat.com/security-advisory/sa132

Source: XF
Type: UNKNOWN
openssl-cve20162182-dos(116342)

Source: CONFIRM
Type: VENDOR_ADVISORY
https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34

Source: CONFIRM
Type: VENDOR_ADVISORY
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

Source: CONFIRM
Type: VENDOR_ADVISORY
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

Source: CONFIRM
Type: VENDOR_ADVISORY
https://kc.mcafee.com/corporate/index?page=content&id=SB10171

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-16:26

Source: CONFIRM
Type: UNKNOWN
https://source.android.com/security/bulletin/2017-03-01.html

Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us

Source: MISC
Type: VENDOR_ADVISORY
https://www.openssl.org/news/vulnerabilities.html#y2017

Source: CONFIRM
Type: VENDOR_ADVISORY
https://www.tenable.com/security/tns-2016-16

Source: CONFIRM
Type: UNKNOWN
https://www.tenable.com/security/tns-2016-20

Source: CONFIRM
Type: UNKNOWN
https://www.tenable.com/security/tns-2016-21

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:icewall_sso:10.0::~~certd~~~:*:*:*:*:*
  • OR cpe:/a:hp:icewall_sso:10.0::~~dfw~~~:*:*:*:*:*
  • OR cpe:/a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:oracle:linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:oracle:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:oracle:linux:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_master_data_management:10.1::~~collaborative~~~:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.0::~~collaborative~~~:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight_jms_client:1.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_flashcopy_manager:4.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.3::~~collaborative~~~:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.4::~~collaborative~~~:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
  • OR cpe:/h:ibm:flex_system_manager_node_7955:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:systems_director:5.20:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:7.1::~~~vmware~~:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_appliance_m2000:8.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.5::~~collaborative~~~:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq_appliance_m2000:8.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_privileged_identity_manager:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_access_manager:9.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20162182 | V | CVE-2016-2182 | 2018-07-15 |
| oval:org.cisecurity:def:1901 | V | The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results - CVE-2016-2182 | 2017-03-03 |
| oval:org.cisecurity:def:1210 | P | DSA-3673-1 -- openssl -- security update | 2016-11-10 |
| oval:com.redhat.rhsa:def:20161940 | P | RHSA-2016:1940: openssl security update (Important) | 2016-09-27 |
| oval:com.ubuntu.artful:def:20162182000 | V | CVE-2016-2182 on Ubuntu 17.10 (artful) - low. | 2016-09-16 |
| oval:com.ubuntu.precise:def:20162182000 | V | CVE-2016-2182 on Ubuntu 12.04 LTS (precise) - low. | 2016-09-16 |
| oval:com.ubuntu.trusty:def:20162182000 | V | CVE-2016-2182 on Ubuntu 14.04 LTS (trusty) - low. | 2016-09-16 |
| oval:com.ubuntu.xenial:def:20162182000 | V | CVE-2016-2182 on Ubuntu 16.04 LTS (xenial) - low. | 2016-09-16 |