Back to search
CVE-2016-2107
Published: May 5, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSA:2016-124-01
vendor-advisory
openSUSE-SU-2016:1238
vendor-advisory
RHSA-2016:2073
vendor-advisory
DSA-3566
vendor-advisory
openSUSE-SU-2016:1243
vendor-advisory
GLSA-201612-16
vendor-advisory
SUSE-SU-2016:1228
vendor-advisory
1035721
vdb-entry
SUSE-SU-2016:1206
vendor-advisory
FEDORA-2016-1e39d934ed
vendor-advisory
FEDORA-2016-1411324654
vendor-advisory
openSUSE-SU-2016:1240
vendor-advisory
openSUSE-SU-2016:1566
vendor-advisory
APPLE-SA-2016-07-18-1
vendor-advisory
SUSE-SU-2016:1233
vendor-advisory
openSUSE-SU-2016:1237
vendor-advisory
RHSA-2016:0996
vendor-advisory
91787
vdb-entry
89760
vdb-entry
RHSA-2016:2957
vendor-advisory
USN-2959-1
vendor-advisory
RHSA-2016:0722
vendor-advisory
FreeBSD-SA-16:17
vendor-advisory
FEDORA-2016-05c567df1a
vendor-advisory
39768
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now