1. Home
  2. CVE Database
  3. CVE-2016-2182
CRITICAL · 9.8

CVE-2016-2182

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and ...

Vulnerability Description

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HpIcewall Federation Agent3.0
HpIcewall Mcrp3.0
HpIcewall Sso10.0
HpIcewall Sso Agent Option10.0
OpensslOpenssl1.0.1
OracleLinux5

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2016-2182?

CVE-2016-2182 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and ...

How severe is CVE-2016-2182?

CVE-2016-2182 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-2182?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Icewall Federation Agent, Hp Icewall Mcrp, Hp Icewall Sso, Hp Icewall Sso Agent Option, Openssl Openssl.