Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2016-0797

Published

8 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c..

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: None

CVSSv3.1 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:openssl:openssl:1.0.1m:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1r:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1p:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1n:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1q:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1o:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.1:::::::*	Yes	-	-
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*	Yes	-	-
cpe:2.3:a:nodejs:node.js:::::lts:::*	Yes	4.2.0	4.3.2
cpe:2.3:a:nodejs:node.js:::::-:::*	Yes	4.0.0	4.1.2
cpe:2.3:a:nodejs:node.js::::::::	Yes	5.0.0	5.7.1
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::	Yes	-	-
cpe:2.3:o:debian:debian_linux:8.0:::::::*	Yes	-	-
cpe:2.3:o:debian:debian_linux:7.0:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-0797

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2016-0797

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References