CVE-2016-2182

Low

Low Medium High Critical

CVSS Score

Published: Sep 16, 2016

Last Modified: Apr 12, 2025

Vulnerability Description

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Known Affected Software

37 configuration(s) from 3 vendor(s)

icewall_sso_agent_option

Version:

10.0

CPE:

cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*

icewall_sso

Version:

10.0

CPE:

cpe:2.3:a:hp:icewall_sso:10.0:p9:*:*:certd:*:*:*

icewall_mcrp

Version:

3.0

CPE:

cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*

icewall_federation_agent

Version:

3.0

CPE:

cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*

openssl

Version:

1.0.1d

CPE:

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

openssl

Version:

1.0.2c

CPE:

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

openssl

Version:

1.0.1b

CPE:

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

openssl

Version:

1.0.1a

CPE:

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

openssl

Version:

1.0.2g

CPE:

cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*

openssl

Version:

1.0.1k

CPE:

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

openssl

Version:

1.0.1n

CPE:

cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*

openssl

Version:

1.0.1s

CPE:

cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*

openssl

Version:

1.0.1q

CPE:

cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*

openssl

Version:

1.0.2e

CPE:

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

openssl

Version:

1.0.2

CPE:

cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*

openssl

Version:

1.0.1r

CPE:

cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*

openssl

Version:

1.0.2d

CPE:

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

openssl

Version:

1.0.2h

CPE:

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

openssl

Version:

1.0.1i

CPE:

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

openssl

Version:

1.0.2a

CPE:

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

openssl

Version:

1.0.1f

CPE:

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

openssl

Version:

1.0.1h

CPE:

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

openssl

Version:

1.0.1j

CPE:

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

openssl

Version:

1.0.1p

CPE:

cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*

openssl

Version:

1.0.1g

CPE:

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

openssl

Version:

1.0.1e

CPE:

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

openssl

Version:

1.0.2f

CPE:

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

openssl

Version:

1.0.1

CPE:

cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*

openssl

Version:

1.0.1m

CPE:

cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*

openssl

Version:

1.0.1l

CPE:

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

openssl

Version:

1.0.1c

CPE:

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

openssl

Version:

1.0.1t

CPE:

cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*

openssl

Version:

1.0.1o

CPE:

cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*

openssl

Version:

1.0.2b

CPE:

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*

This vulnerability affects 37 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-787 Top 25 #2

Out-of-bounds Write

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base