Back
CVE-2016-0799
CRITICAL
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
Published: Mar 3, 2016
Modified: May 6, 2026
CWE-119
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (35)
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1 |
| openssl | openssl | 1.0.1a |
| openssl | openssl | 1.0.1b |
| openssl | openssl | 1.0.1c |
| openssl | openssl | 1.0.1d |
| openssl | openssl | 1.0.1e |
| openssl | openssl | 1.0.1f |
| openssl | openssl | 1.0.1g |
| openssl | openssl | 1.0.1h |
| openssl | openssl | 1.0.1i |
| openssl | openssl | 1.0.1j |
| openssl | openssl | 1.0.1k |
| openssl | openssl | 1.0.1l |
| openssl | openssl | 1.0.1m |
| openssl | openssl | 1.0.1n |
| openssl | openssl | 1.0.1o |
| openssl | openssl | 1.0.1p |
…and 15 more
GitHub Security Advisory GHSA-x493-jjcm-ffg2
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0...
References (118)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
43.54%
Top 2% most likely to be exploited
Threat Score
52.3 / 100
Data Sources
NVD
EPSS
GitHub