Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2176)

Description

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Remediation

References

Related Vulnerabilities

WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2)

WordPress Plugin WooCommerce PDF Invoices & Packing Slips Cross-Site Request Forgery (2.2.6)

MySQL CVE-2021-2016 Vulnerability (CVE-2021-2016)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1580)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

Severity

High

Classification

CVE-2016-2176 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Tags

Missing Update Known Vulnerabilities