CVE-2016-2180
Public on 2016-08-01
Modified on 2016-10-12
Description
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | openssl | 2016-10-12 | ALAS-2016-755 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 1.9 | AV:L/AC:M/Au:N/C:N/I:N/A:P |
| Amazon Linux | CVSSv3 | 5.1 | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |