1. Home
  2. CVE Database
  3. CVE-2016-2108
CRITICAL · 9.8

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an...

Vulnerability Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
RedhatEnterprise Linux Desktop6.0
RedhatEnterprise Linux Hpc Node6.0
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Workstation6.0
OpensslOpenssl<= 1.0.1n
RedhatEnterprise Linux Hpc Node Eus7.2
RedhatEnterprise Linux Server Aus7.2
RedhatEnterprise Linux Server Eus7.2
GoogleAndroid4.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2016-2108?

CVE-2016-2108 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an...

How severe is CVE-2016-2108?

CVE-2016-2108 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-2108?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Openssl Openssl.