Vulnerability Database

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

  • Published: May 5, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-2107
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.9
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:P/I:N/A:N

Software                                From         Fixed in
redhat / enterprise_linux_desktop       7.0          7.0.x
redhat / enterprise_linux_server_aus    7.2          7.2.x
redhat / enterprise_linux_workstation   7.0          7.0.x
redhat / enterprise_linux_server        7.0          7.0.x
redhat / enterprise_linux_hpc_node      7.0          7.0.x
redhat / enterprise_linux_server_eus    7.2          7.2.x
redhat / enterprise_linux_hpc_node_eus  7.2          7.2.x
opensuse / leap                         42.1         42.1.x
opensuse / opensuse                     13.2         13.2.x
openssl / openssl                       1.0.2a       1.0.2a.x
openssl / openssl                       1.0.2e       1.0.2e.x
openssl / openssl                       1.0.2b       1.0.2b.x
openssl / openssl                       1.0.2g       1.0.2g.x
openssl / openssl                       1.0.2c       1.0.2c.x
openssl / openssl                       1.0.2-beta3  1.0.2-beta3.x
openssl / openssl                       1.0.2-beta1  1.0.2-beta1.x
openssl / openssl                       -            1.0.1s.x
openssl / openssl                       1.0.2        1.0.2.x
openssl / openssl                       1.0.2f       1.0.2f.x
openssl / openssl                       1.0.2-beta2  1.0.2-beta2.x
openssl / openssl                       1.0.2d       1.0.2d.x
google / android                        5.1.0        5.1.0.x
google / android                        4.2          4.2.x
google / android                        4.1          4.1.x
google / android                        4.0.2        4.0.2.x
google / android                        4.4.3        4.4.3.x
google / android                        4.0.4        4.0.4.x
google / android                        4.3          4.3.x
google / android                        4.0.1        4.0.1.x
google / android                        4.2.1        4.2.1.x
google / android                        5.0.1        5.0.1.x
google / android                        5.0          5.0.x
google / android                        4.0.3        4.0.3.x
google / android                        4.0          4.0.x
google / android                        4.4          4.4.x
google / android                        4.4.1        4.4.1.x
google / android                        4.2.2        4.2.2.x
google / android                        4.3.1        4.3.1.x
google / android                        4.4.2        4.4.2.x
google / android                        5.1          5.1.x
google / android                        4.1.2        4.1.2.x
hp / helion_openstack                   2.1.2        2.1.2.x
hp / helion_openstack                   2.1.4        2.1.4.x
redhat / enterprise_linux_hpc_node      6.0          6.0.x
redhat / enterprise_linux_desktop       6.0          6.0.x
redhat / enterprise_linux_server        6.0          6.0.x
redhat / enterprise_linux_workstation   6.0          6.0.x
nodejs / node.js                        6.0.0        6.0.0.x
nodejs / node.js                        4.0.0        4.1.2.x
nodejs / node.js                        0.12.0       0.12.14
nodejs / node.js                        0.10.0       0.10.45
nodejs / node.js                        4.2.0        4.4.4
nodejs / node.js                        5.0.0        5.11.1
debian / debian_linux                   8.0          8.0.x
canonical / ubuntu_linux                15.10        15.10.x
canonical / ubuntu_linux                14.04        14.04.x
canonical / ubuntu_linux                16.04        16.04.x
canonical / ubuntu_linux                12.04        12.04.x
hp / helion_openstack                   2.1.0        2.1.0.x
hp / helion_openstack                   2.0.0        2.0.0.x