CVE-2016-7053 - OpenCVE

In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.1.0:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0b:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94244
http://www.securitytracker.com/id/1037261
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
https://nvd.nist.gov/vuln/detail/CVE-2016-7053
https://www.cve.org/CVERecord?id=CVE-2016-7053
https://www.openssl.org/news/secadv/20161110.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2017-05-04T19:00:00Z

Updated: 2024-09-16T20:52:38.446Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7053

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-04T19:29:00.213

Modified: 2017-07-28T01:29:02.533

Link: CVE-2016-7053

Redhat

Severity : Moderate

Publid Date: 2016-11-10T00:00:00Z

Links: CVE-2016-7053 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "openssl-1.1.0"}, {"status": "affected", "version": "openssl-1.1.0a"}, {"status": "affected", "version": "openssl-1.1.0b"}]}], "credits": [{"lang": "en", "value": "Tyler Nighswander (ForAllSecure)"}], "datePublic": "2016-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "NULL pointer deference", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94244"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037261"}], "title": "CMS Null dereference", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2016-11-10", "ID": "CVE-2016-7053", "STATE": "PUBLIC", "TITLE": "CMS Null dereference"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "openssl-1.1.0"}, {"version_value": "openssl-1.1.0a"}, {"version_value": "openssl-1.1.0b"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Tyler Nighswander (ForAllSecure)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NULL pointer deference"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94244"}, {"name": "https://www.openssl.org/news/secadv/20161110.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "1037261", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037261"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.395Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94244", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94244"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037261"}]}]}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2016-7053", "datePublished": "2017-05-04T19:00:00Z", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2024-09-16T20:52:38.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."}, {"lang": "es", "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las aplicaciones que analizan estructuras CMS inv\u00e1lidas pueden dejar de dar servicio por una referencia a puntero nulo. Esto se produce por un fallo en la gesti\u00f3n del tipo ASN.1 CHOICE en OpenSSL 1.1.0, lo que puede derivar en que un valor NULL sea enviado a la devoluci\u00f3n de la llamada si se intenta utilizar varias codificaciones inv\u00e1lidas. S\u00f3lo est\u00e1n afectadas estructuras CHOICE que utilicen una devoluci\u00f3n de llamada que no gestione valores NULL."}], "id": "CVE-2016-7053", "lastModified": "2017-07-28T01:29:02.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T19:29:00.213", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94244"}, {"source": "openssl-security@openssl.org", "url": "http://www.securitytracker.com/id/1037261"}, {"source": "openssl-security@openssl.org", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Tyler Nighswander (ForAllSecure) as the original reporter.", "bugzilla": {"description": "openssl: CMS Null dereference vulnerability", "id": "1393930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393930"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected."], "name": "CVE-2016-7053", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "OVMF", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2016-11-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7053\nhttps://www.openssl.org/news/secadv/20161110.txt"], "threat_severity": "Moderate", "upstream_fix": "openssl 1.1.0c"}