CVE-2016-2107

CVSS v3.1 5.9 (Medium)
CVSS v2.0 2.6 (Low)
EPSS 96.90 % (100th)
Affected Products 15
Advisories 24

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Weaknesses
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-310: Cryptographic Issues

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-05-05 01:59:03 (8 years ago)
Updated Date: 2024-02-16 19:19:33 (7 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Redhat Enterprise Linux Hpc Node 7.0 cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  Redhat Enterprise Linux Hpc Node Eus 7.2 cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Server Aus 7.2 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
  Redhat Enterprise Linux Server Eus 7.2 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #2

    CPE23 From Up To
  Opensuse Leap 42.1 cpe:2.3:o:opensuse:leap:42.1
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

    CPE23 From Up To
  Openssl 1.0.1s and prior versions cpe:2.3:a:openssl:openssl <= 1.0.1s
  Openssl 1.0.2 cpe:2.3:a:openssl:openssl:1.0.2
  Openssl 1.0.2 Beta1 cpe:2.3:a:openssl:openssl:1.0.2:beta1
  Openssl 1.0.2 Beta2 cpe:2.3:a:openssl:openssl:1.0.2:beta2
  Openssl 1.0.2 Beta3 cpe:2.3:a:openssl:openssl:1.0.2:beta3
  Openssl 1.0.2a cpe:2.3:a:openssl:openssl:1.0.2a
  Openssl 1.0.2b cpe:2.3:a:openssl:openssl:1.0.2b
  Openssl 1.0.2c cpe:2.3:a:openssl:openssl:1.0.2c
  Openssl 1.0.2d cpe:2.3:a:openssl:openssl:1.0.2d
  Openssl 1.0.2e cpe:2.3:a:openssl:openssl:1.0.2e
  Openssl 1.0.2f cpe:2.3:a:openssl:openssl:1.0.2f
  Openssl 1.0.2g cpe:2.3:a:openssl:openssl:1.0.2g

Configuration #4

    CPE23 From Up To
  Google Android 4.0 cpe:2.3:o:google:android:4.0
  Google Android 4.0.1 cpe:2.3:o:google:android:4.0.1
  Google Android 4.0.2 cpe:2.3:o:google:android:4.0.2
  Google Android 4.0.3 cpe:2.3:o:google:android:4.0.3
  Google Android 4.0.4 cpe:2.3:o:google:android:4.0.4
  Google Android 4.1 cpe:2.3:o:google:android:4.1
  Google Android 4.1.2 cpe:2.3:o:google:android:4.1.2
  Google Android 4.2 cpe:2.3:o:google:android:4.2
  Google Android 4.2.1 cpe:2.3:o:google:android:4.2.1
  Google Android 4.2.2 cpe:2.3:o:google:android:4.2.2
  Google Android 4.3 cpe:2.3:o:google:android:4.3
  Google Android 4.3.1 cpe:2.3:o:google:android:4.3.1
  Google Android 4.4 cpe:2.3:o:google:android:4.4
  Google Android 4.4.1 cpe:2.3:o:google:android:4.4.1
  Google Android 4.4.2 cpe:2.3:o:google:android:4.4.2
  Google Android 4.4.3 cpe:2.3:o:google:android:4.4.3
  Google Android 5.0 cpe:2.3:o:google:android:5.0
  Google Android 5.0.1 cpe:2.3:o:google:android:5.0.1
  Google Android 5.1 cpe:2.3:o:google:android:5.1
  Google Android 5.1.0 cpe:2.3:o:google:android:5.1.0

Configuration #5

    CPE23 From Up To
  Hp Helion Openstack 2.0.0 cpe:2.3:a:hp:helion_openstack:2.0.0
  Hp Helion Openstack 2.1.0 cpe:2.3:a:hp:helion_openstack:2.1.0
  Hp Helion Openstack 2.1.2 cpe:2.3:a:hp:helion_openstack:2.1.2
  Hp Helion Openstack 2.1.4 cpe:2.3:a:hp:helion_openstack:2.1.4

Configuration #6

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Hpc Node 6.0 cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #7

    CPE23 From Up To
  Nodejs Node.js from 0.10.0 version and prior 0.10.45 version cpe:2.3:a:nodejs:node.js >= 0.10.0 < 0.10.45
  Nodejs Node.js from 0.12.0 version and prior 0.12.14 version cpe:2.3:a:nodejs:node.js >= 0.12.0 < 0.12.14
  Nodejs Node.js from 4.0.0 version and 4.1.2 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 4.0.0 <= 4.1.2
  Nodejs Node.js from 4.2.0 version and prior 4.4.4 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 4.2.0 < 4.4.4
  Nodejs Node.js from 5.0.0 version and prior 5.11.1 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 5.0.0 < 5.11.1
  Nodejs Node.js 6.0.0 cpe:2.3:a:nodejs:node.js:6.0.0

Configuration #8

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #9

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 15.10 cpe:2.3:o:canonical:ubuntu_linux:15.10
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm