CVE-2016-0797
An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code.
Find out more about CVE-2016-0797 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor7) | RHSA-2016:0379 | 2016-03-09 |
| Red Hat Enterprise Linux 6 (openssl) | RHSA-2016:0301 | 2016-03-01 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2016:0379 | 2016-03-09 |
| Red Hat JBoss Core Services 1 | RHSA-2016:2957 | 2016-12-15 |
| Red Hat Enterprise Linux 7 (openssl) | RHSA-2016:0301 | 2016-03-01 |
| Red Hat Enterprise Linux 5 (openssl) | RHSA-2016:0302 | 2016-03-01 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Web Server 3.0 | openssl | Will not fix |
| Red Hat JBoss EWS 2 | openssl | Not affected |
| Red Hat JBoss EAP 6 | openssl | Not affected |
| Red Hat Enterprise Linux Extended Update Support 7.2 | rhel-guest-image | Will not fix |
| Red Hat Enterprise Linux Extended Update Support 6.7 | guest-images | Will not fix |
| RHEV Manager 3 | rhev-hypervisor | Will not fix |