CVE-2016-7053 - OpenCVE

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.1.0:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0b:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/94244	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037261
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
https://www.openssl.org/news/secadv/20161110.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: openssl

Published: 2016-11-10T00:00:00

Updated: 2017-07-27T09:57:01

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7053

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-04T19:29:00.213

Modified: 2017-07-28T01:29:02.533

Link: CVE-2016-7053

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "openssl-1.1.0"}, {"status": "affected", "version": "openssl-1.1.0a"}, {"status": "affected", "version": "openssl-1.1.0b"}]}], "credits": [{"lang": "en", "value": "Tyler Nighswander (ForAllSecure)"}], "datePublic": "2016-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "NULL pointer deference", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94244"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037261"}], "title": "CMS Null dereference", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2016-11-10", "ID": "CVE-2016-7053", "STATE": "PUBLIC", "TITLE": "CMS Null dereference"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "openssl-1.1.0"}, {"version_value": "openssl-1.1.0a"}, {"version_value": "openssl-1.1.0b"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Tyler Nighswander (ForAllSecure)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NULL pointer deference"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94244"}, {"name": "https://www.openssl.org/news/secadv/20161110.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "1037261", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037261"}]}}}}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2016-7053", "datePublished": "2016-11-10T00:00:00", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2017-07-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}, {"lang": "es", "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las aplicaciones que analizan estructuras CMS inv\u00e1lidas pueden dejar de dar servicio por una referencia a puntero nulo. Esto se produce por un fallo en la gesti\u00f3n del tipo ASN.1 CHOICE en OpenSSL 1.1.0, lo que puede derivar en que un valor NULL sea enviado a la devoluci\u00f3n de la llamada si se intenta utilizar varias codificaciones inv\u00e1lidas. S\u00f3lo est\u00e1n afectadas estructuras CHOICE que utilicen una devoluci\u00f3n de llamada que no gestione valores NULL."}], "id": "CVE-2016-7053", "lastModified": "2017-07-28T01:29:02.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T19:29:00.213", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94244"}, {"source": "openssl-security@openssl.org", "url": "http://www.securitytracker.com/id/1037261"}, {"source": "openssl-security@openssl.org", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}