CVE-2016-0705 — CRITICAL (9.8)

Q: How severe is CVE-2016-0705?

CVE-2016-0705 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-0705?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Openssl Openssl, Google Android, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Mysql	>= 5.6.0, <= 5.6.29
Openssl	Openssl	1.0.1
Google	Android	4.0
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2016-0705?

CVE-2016-0705 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory ...

How severe is CVE-2016-0705?

CVE-2016-0705 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-0705?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Openssl Openssl, Google Android, Canonical Ubuntu Linux, Debian Debian Linux.