VYPR
Get started
← All advisories
Critical severity9.8NVD Advisory· Published May 5, 2016· Updated May 6, 2026

CVE-2016-2108

CVE-2016-2108

Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Affected products

40
  • OpenSSL Project/OpenSSL7 versions
    cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <=1.0.1n
    • cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
  • Google/Android22 versions
    cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Hpc Node2 versions
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Hpc Node Eus
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Eus
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

57

News mentions

0

No linked articles in our index yet.