WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2176)

Description

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Remediation

References

Related Vulnerabilities

Envoy Proxy Integer Underflow (Wrap or Wraparound) Vulnerability (CVE-2024-32975)

phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-7297)

WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01)

Magento Improper Input Validation Vulnerability (CVE-2021-28585)

Severity

High

Classification

CVE-2016-2176 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Tags

Missing Update Known Vulnerabilities