CVE-2016-0705
CRITICAL
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Published: Mar 3, 2016
Modified: May 6, 2026
CVSS Metrics
CVSSv3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (61)
| Vendor | Product | Version |
|---|---|---|
| oracle | mysql | * ≥ 5.6.0 |
| oracle | mysql | * ≥ 5.7.0 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1a |
| openssl | openssl | 1.0.1b |
| openssl | openssl | 1.0.1c |
| openssl | openssl | 1.0.1d |
| openssl | openssl | 1.0.1e |
| openssl | openssl | 1.0.1f |
| openssl | openssl | 1.0.1g |
| openssl | openssl | 1.0.1h |
| openssl | openssl | 1.0.1i |
| openssl | openssl | 1.0.1j |
| openssl | openssl | 1.0.1k |
| openssl | openssl | 1.0.1l |
| openssl | openssl | 1.0.1m |
| openssl | openssl | 1.0.1n |
…and 41 more
GitHub Security Advisory GHSA-jq9m-v5x9-ppg9
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1...
References (114)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html Mailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html Mailing List, Third Party Advisory
Risk Scores
CVSS Score: 9.8 / 10
EPSS Score: 21.83% (Top 4% most likely to be exploited)
Threat Score: 45.8 / 100
Data Sources
NVD
EPSS
GitHub