Launchpad CVE tracker

CVE 2016-2182

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Related bugs and status

CVE-2016-2182 (Candidate) is related to these bugs:

Bug #1593953: EC_KEY_generate_key() causes FIPS self-test failure

Summary				In	Importance	Status
	1593953	EC_KEY_generate_key() causes FIPS self-test failure		openssl (Ubuntu)	Undecided	Fix Released
	1593953	EC_KEY_generate_key() causes FIPS self-test failure		openssl (Ubuntu Xenial)	Undecided	Fix Released

Bug #1594748: CRYPTO_set_mem_functions() is broken

		In	Importance	Status
1594748	CRYPTO_set_mem_functions() is broken	openssl (Ubuntu)	Undecided	Fix Released
1594748	CRYPTO_set_mem_functions() is broken	OpenSSL	Unknown	Invalid
1594748	CRYPTO_set_mem_functions() is broken	openssl (Ubuntu Xenial)	Undecided	Fix Released

Bug #1614210: Remove incomplete fips in openssl in xenial.

		In	Importance	Status
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu)	Undecided	Fix Released
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu Xenial)	Undecided	Fix Released
1614210	Remove incomplete fips in openssl in xenial.	openssl (Ubuntu Yakkety)	Undecided	Fix Released

Bug #1622500: Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04

		In	Importance	Status
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu)	Undecided	Invalid
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu Trusty)	Undecided	Fix Released
1622500	Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04	openssl (Ubuntu Precise)	Undecided	Fix Released

Bug #1626883: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

		In	Importance	Status
1626883	libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault	openssl (Ubuntu)	Medium	Fix Released
1626883	libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault	openssl (Ubuntu Trusty)	High	Fix Released
1626883	libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault	openssl (Ubuntu Precise)	High	Fix Released
1626883	libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault	openssl (Ubuntu Xenial)	High	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2182

References