CVE-2016-7054 - OpenCVE

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.1.0:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0b:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94238
http://www.securitytracker.com/id/1037261
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
https://nvd.nist.gov/vuln/detail/CVE-2016-7054
https://www.cve.org/CVERecord?id=CVE-2016-7054
https://www.exploit-db.com/exploits/40899/
https://www.openssl.org/news/secadv/20161110.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2017-05-04T19:00:00Z

Updated: 2024-09-17T00:30:27.920Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7054

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-04T19:29:00.257

Modified: 2017-09-03T01:29:11.843

Link: CVE-2016-7054

Redhat

Severity : Important

Publid Date: 2016-11-10T00:00:00Z

Links: CVE-2016-7054 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "openssl-1.1.0"}, {"status": "affected", "version": "openssl-1.1.0a"}, {"status": "affected", "version": "openssl-1.1.0b"}]}], "credits": [{"lang": "en", "value": "Robert \u015awi\u0119cki (Google Security Team)"}], "datePublic": "2016-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "protocol error", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94238", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94238"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "40899", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40899/"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037261"}], "title": "ChaCha20/Poly1305 heap-buffer-overflow", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2016-11-10", "ID": "CVE-2016-7054", "STATE": "PUBLIC", "TITLE": "ChaCha20/Poly1305 heap-buffer-overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "openssl-1.1.0"}, {"version_value": "openssl-1.1.0a"}, {"version_value": "openssl-1.1.0b"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Robert \u015awi\u0119cki (Google Security Team)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "protocol error"}]}]}, "references": {"reference_data": [{"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94238"}, {"name": "https://www.openssl.org/news/secadv/20161110.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "40899", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40899/"}, {"name": "1037261", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037261"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.489Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"name": "94238", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94238"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}, {"name": "40899", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40899/"}, {"name": "1037261", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037261"}]}]}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2016-7054", "datePublished": "2017-05-04T19:00:00Z", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2024-09-17T00:30:27.920Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}, {"lang": "es", "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las conexiones TLS que utilizan *-CHACHA20-POLY1305 ciphersuites pueden ser v\u00edctimas de una denegaci\u00f3n de servicio si se corrompe el payload. Esto puede derivar la ca\u00edda de OpenSSL. Este problema no se considera explotable m\u00e1s all\u00e1 de una denegaci\u00f3n de servicio."}], "id": "CVE-2016-7054", "lastModified": "2017-09-03T01:29:11.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T19:29:00.257", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94238"}, {"source": "openssl-security@openssl.org", "url": "http://www.securitytracker.com/id/1037261"}, {"source": "openssl-security@openssl.org", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"}, {"source": "openssl-security@openssl.org", "url": "https://www.exploit-db.com/exploits/40899/"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20161110.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Robert \u015awi\u0119cki (Google Security Team) as the original reporter.", "bugzilla": {"description": "openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS", "id": "1393920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393920"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."], "name": "CVE-2016-7054", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "OVMF", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2016-11-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7054\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7054\nhttps://www.openssl.org/news/secadv/20161110.txt"], "threat_severity": "Important", "upstream_fix": "openssl 1.1.0c"}