CVE-2016-2108 in Mac OS Xinfo

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/29/2016

Disclosure

05/04/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
89774Apple Mac OS X OpenSSL memory corruption119Not definedOfficial fixCVE-2016-2108
89750Apple Mac OS X LibreSSL memory corruption119Not definedOfficial fixCVE-2016-2108
83254OpenSSL ASN.1 Encoder a_int.c memory corruption119Not definedOfficial fixCVE-2016-2108

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!