CVE-2016-2176
Description
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Risk Information
Base Score
8.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
Exploitation Probability
11.281
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-2176,CVE-2016-2109,CVE-2016-2107,CVE-2016-2106,CVE-2016-2105 are fixed in OpenSSL (x64) 1.0.1t | Windows |
| Vulnerabilities CVE-2016-2176,CVE-2016-2109,CVE-2016-2107,CVE-2016-2106,CVE-2016-2105 are fixed in OpenSSL (x64) 1.0.2h | Windows |
| Vulnerabilities CVE-2016-2176 are affected in MySQL Workbench Enterprise Edition earlier | Windows |
| Vulnerabilities CVE-2016-2176 are affected in MySQL Workbench CE (x64) earlier | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2 | Windows |
| Vulnerabilities CVE-2016-2176,CVE-2018-2760 are affected in Oracle HTTP Server 12.1.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2 | Windows |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Adaptive Security Appliance (ASA) Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco AnyConnect Secure Mobility Client | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Application and Content Networking System (ACNS) Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Digital Content Manager (DCM) Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Finesse | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber for Mac | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber for Windows | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber Guest | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber Software Development Kit | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Plug-in for OpenFlow | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Infrastructure | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Network | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Network Services Controller | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Optical | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Performance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Security Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco SocialMiner | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Telepresence Conductor | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence ISDN Link | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence Serial Gateway Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Contact Center Enterprise | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Intelligence Center | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified SIP Proxy | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unity Connection | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unity Express | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Video Surveillance 6000 Series IP Cameras | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco ASR 5000 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IronPort Encryption Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IronPort Email Security Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Email Encryption | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Firepower Management Center Virtual Appliance | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IronPort Security Management Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Data Center Network Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Intercloud Fabric | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Nexus 1000V Switch for VMware vSphere | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco UCS Central Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Aironet 3700 Series Access Points | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Network Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Access Registrar | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Wireless Network Management Software Suite | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Network Analysis Module Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Network Convergence System 540 Series Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Digital Media Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Video Networking Solutions | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence ISDN Gateway | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence MCU 4500 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence MSE 8000 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence Content Server | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence Server | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IPICS Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Conductor | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Videoscape Distribution Suite for Internet Streaming | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Enterprise CDN Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco NAC Appliance 3300 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco ASA Next-Generation Firewall Services | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Wide Area Application Services (WAAS) Appliances | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Computing System | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Support Tools | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco ONS 15454 Series Multiservice Provisioning Platforms | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Physical Access Gateways | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Video Surveillance 4000 Series IP Cameras | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Video Surveillance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Identity Services Engine | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Small Business Voice Gateways and ATAs | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IPS 4200 Series Sensors | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco AS Series Media Processor Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco 1000 Series Connected Grid Routers | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence Administration Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Attendant Consoles | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber for iPhone | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified MeetingPlace | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco SIP IP Phone Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IP Phone 8800 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco IP Phone 7800 Series | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Mobile Communicator | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Jabber Softphone for VDI | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Unified Workforce Optimization | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco WAN Automation Engine (WAE) | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco Policy Suite for Mobile | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 For Cisco 4400 Series Wireless LAN Controllers | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2176) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706057 | Security Update for Cisco Adaptive Security Appliance (ASA) Software 99.17(1.69) |
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-1705634 | Security Update for Cisco Application and Content Networking System (ACNS) Software 3.0(0)A5(3.1a) |
| PATCH-1706007 | Security Update for Cisco Digital Content Manager (DCM) Software 20.0.0 |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705887 | Security Update for Cisco Finesse 11.5(0.98000.126) |
| PATCH-1705811 | Security Update for Cisco Jabber for Windows 11.6(1.38147) |
| PATCH-1705783 | Security Update for Cisco Jabber Guest 10.6(11) |
| PATCH-1706051 | Security Update for Cisco Jabber Software Development Kit 11.8(2) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1701673 | Security Update for Cisco Plug-in for OpenFlow 4.12(0)SP1 |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1701899 | Security Update for Cisco Prime Network 5.0(0.262) |
| PATCH-1701930 | Security Update for Cisco Prime Network Services Controller 21.2.A0.65491 |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705795 | Security Update for Cisco Security Manager 4.12(0.64) |
| PATCH-1704708 | Security Update for Cisco SocialMiner 12.0(0.99000.293) |
| PATCH-1705862 | Security Update for Cisco TelePresence Conductor XC4.3 |
| PATCH-1705893 | Security Update for Cisco TelePresence ISDN Link IL1.1.7 |
| PATCH-1705959 | Security Update for Cisco TelePresence Serial Gateway Series 1.0(1.52) |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1705497 | Security Update for Cisco Unified SIP Proxy 8.5(5) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703070 | Security Update for Cisco Unity Express 6.2.1 |
| PATCH-1705965 | Security Update for Cisco Video Surveillance 6000 Series IP Cameras 2.9 |
| PATCH-1706032 | Security Update for Cisco ASR 5000 Series 21.3.A0.66703 |
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
| PATCH-1705855 | Security Update for Cisco Intercloud Fabric 3.3(1) |
| PATCH-1705949 | Security Update for Cisco Nexus 1000V Switch for VMware vSphere 5.2(1)SV3(3.1) |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1705950 | Security Update for Cisco UCS Central Software 2.0(1a) |
| PATCH-1705527 | Security Update for Cisco Aironet 3700 Series Access Points 7.5(102.0) |
| PATCH-1706038 | Security Update for Cisco Network Registrar 9.1 |
| PATCH-1706039 | Security Update for Cisco Access Registrar 8.0 |
| PATCH-1705952 | Security Update for Cisco Wireless Network Management Software Suite 8.0(150) |
| PATCH-1706008 | Security Update for Cisco Prime Network Analysis Module Software 6.2(3) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1706041 | Security Update for Cisco Network Convergence System 540 Series Routers 6.4.1.8i.BASE |
| PATCH-1705797 | Security Update for Cisco Digital Media Manager 5.6.3 |
| PATCH-1705954 | Security Update for Cisco Video Networking Solutions 2.6.9 |
| PATCH-1705955 | Security Update for Cisco TelePresence ISDN Gateway 2.2(1.122) |
| PATCH-1705864 | Security Update for Cisco TelePresence MCU 4500 Series 4.5(1.89) |
| PATCH-1705956 | Security Update for Cisco TelePresence MSE 8000 Series 2.3(1.51) |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1705866 | Security Update for Cisco TelePresence Content Server 7.2 |
| PATCH-1705960 | Security Update for Cisco TelePresence Server 4.4(1.16) |
| PATCH-1705988 | Security Update for Cisco IPICS Server Software 4.10(2) |
| PATCH-1705867 | Security Update for Cisco Conductor 3.600 |
| PATCH-1705993 | Security Update for Cisco Videoscape Distribution Suite for Internet Streaming 3.11(6.2) |
| PATCH-1705827 | Security Update for Cisco Enterprise CDN Software 5.5(41.2) |
| PATCH-1705897 | Security Update for Cisco ASA Next-Generation Firewall Services 100.6(0.0.181) |
| PATCH-1706001 | Security Update for Cisco Wide Area Application Services (WAAS) Appliances 6.3(0.185) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
| PATCH-1705963 | Security Update for Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.6(2) |
| PATCH-1705964 | Security Update for Cisco Video Surveillance 4000 Series IP Cameras 2.4(6.310) |
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1702213 | Security Update for Cisco Small Business Voice Gateways and ATAs 7.6.2SR5 |
| PATCH-1705754 | Security Update for Cisco IPS 4200 Series Sensors 7.3(5)P1 |
| PATCH-1705872 | Security Update for Cisco AS Series Media Processor Software CAL9.7 |
| PATCH-1705873 | Security Update for Cisco 1000 Series Connected Grid Routers 15.6(3.0q)M |
| PATCH-1705874 | Security Update for Cisco TelePresence Administration Software 6.1.13_3 |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705972 | Security Update for Cisco Jabber for iPhone 11.8(1.250291) |
| PATCH-1705973 | Security Update for Cisco Unified MeetingPlace 8.6(2.45) |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1705975 | Security Update for Cisco IP Phone 7800 Series 11.7(1) |
| PATCH-1705976 | Security Update for Cisco Unified Mobile Communicator 11.8(1.250274) |
| PATCH-1705883 | Security Update for Cisco Jabber Softphone for VDI 11.5(1) |
| PATCH-1705884 | Security Update for Cisco Unified Workforce Optimization 11.5(1)SGN1 |
| PATCH-1706046 | Security Update for Cisco WAN Automation Engine (WAE) v6.4.6dev-43-g887096e25e6 |
| PATCH-1705812 | Security Update for Cisco Policy Suite for Mobile 8.1.0 |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234