Vulnerability Data

by Reconmap

CVE-2016-7054

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Published at
2017-05-04T19:29Z
2558 days ago
Modified
2017-09-03T01:29Z
2437 days ago
CWE-284
Problem type

Impact

CVSS v3 vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References


URLType
www.openssl.org
https://www.openssl.org/news/secadv/20161110.txt		CONFIRM
94238
http://www.securityfocus.com/bid/94238		BID
h20566.www2.hpe.com
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us		CONFIRM
1037261
http://www.securitytracker.com/id/1037261		SECTRACK
40899
https://www.exploit-db.com/exploits/40899/		EXPLOIT-DB

GET https://vulnerabilitydata.com/api/details/CVE-2016-7054

{
	"id": "CVE-2016-7054",
	"published_date": "2017-05-04T19:29Z",
	"last_modified_date": "2017-09-03T01:29Z",
	"assigner": "openssl-security@openssl.org",
	"description": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.",
	"references": [
		{
			"url": "https://www.openssl.org/news/secadv/20161110.txt",
			"name": "https://www.openssl.org/news/secadv/20161110.txt",
			"refsource": "CONFIRM",
			"tags": [
				"Patch",
				"Vendor Advisory"
			]
		},
		{
			"url": "http://www.securityfocus.com/bid/94238",
			"name": "94238",
			"refsource": "BID",
			"tags": [
				"Third Party Advisory",
				"VDB Entry"
			]
		},
		{
			"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us",
			"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.securitytracker.com/id/1037261",
			"name": "1037261",
			"refsource": "SECTRACK",
			"tags": []
		},
		{
			"url": "https://www.exploit-db.com/exploits/40899/",
			"name": "40899",
			"refsource": "EXPLOIT-DB",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.0",
				"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
				"attackVector": "NETWORK",
				"attackComplexity": "LOW",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "NONE",
				"integrityImpact": "NONE",
				"availabilityImpact": "HIGH",
				"baseScore": 7.5,
				"baseSeverity": "HIGH"
			},
			"exploitabilityScore": 3.9,
			"impactScore": 3.6
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
				"accessVector": "NETWORK",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "NONE",
				"integrityImpact": "NONE",
				"availabilityImpact": "PARTIAL",
				"baseScore": 5
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 10,
			"impactScore": 2.9,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-284"
}