CVE-2016-7054 - OpenCVE

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.1.0:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0b:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/94238	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037261
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
https://www.exploit-db.com/exploits/40899/
https://www.openssl.org/news/secadv/20161110.txt	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: openssl

Published: 2016-11-10T00:00:00

Updated: 2017-09-02T09:57:01

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7054

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-04T19:29:00.257

Modified: 2017-09-03T01:29:11.843

Link: CVE-2016-7054

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "openssl-1.1.0"}, {"status": "affected", "version": "openssl-1.1.0a"}, {"status": "affected", "version": "openssl-1.1.0b"}]}], "credits": [{"lang": "en", "value": "Robert \u015awi\u0119cki (Google Security Team)"}], "datePublic": "2016-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "protocol error", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94238", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94238"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "40899", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40899/"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037261"}], "title": "ChaCha20/Poly1305 heap-buffer-overflow", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2016-11-10", "ID": "CVE-2016-7054", "STATE": "PUBLIC", "TITLE": "ChaCha20/Poly1305 heap-buffer-overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "openssl-1.1.0"}, {"version_value": "openssl-1.1.0a"}, {"version_value": "openssl-1.1.0b"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Robert \u015awi\u0119cki (Google Security Team)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "protocol error"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94238"}, {"name": "https://www.openssl.org/news/secadv/20161110.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "40899", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40899/"}, {"name": "1037261", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037261"}]}}}}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2016-7054", "datePublished": "2016-11-10T00:00:00", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2017-09-02T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}, {"lang": "es", "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las conexiones TLS que utilizan *-CHACHA20-POLY1305 ciphersuites pueden ser v\u00edctimas de una denegaci\u00f3n de servicio si se corrompe el payload. Esto puede derivar la ca\u00edda de OpenSSL. Este problema no se considera explotable m\u00e1s all\u00e1 de una denegaci\u00f3n de servicio."}], "id": "CVE-2016-7054", "lastModified": "2017-09-03T01:29:11.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T19:29:00.257", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94238"}, {"source": "openssl-security@openssl.org", "url": "http://www.securitytracker.com/id/1037261"}, {"source": "openssl-security@openssl.org", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"source": "openssl-security@openssl.org", "url": "https://www.exploit-db.com/exploits/40899/"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}