CVE-2016-7054

{"id": "CVE-2016-7054", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-04T19:29:00.257", "references": [{"url": "http://www.securityfocus.com/bid/94238", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securitytracker.com/id/1037261", "source": "openssl-security@openssl.org"}, {"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "source": "openssl-security@openssl.org"}, {"url": "https://www.exploit-db.com/exploits/40899/", "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20161110.txt", "tags": ["Patch", "Vendor Advisory"], "source": "openssl-security@openssl.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."}, {"lang": "es", "value": "En OpenSSL 1.1.0 anterior a 1.1.0c, las conexiones TLS que utilizan *-CHACHA20-POLY1305 ciphersuites pueden ser v\u00edctimas de una denegaci\u00f3n de servicio si se corrompe el payload. Esto puede derivar la ca\u00edda de OpenSSL. Este problema no se considera explotable m\u00e1s all\u00e1 de una denegaci\u00f3n de servicio."}], "lastModified": "2017-09-03T01:29:11.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}