CVE-2016-0798 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-0798 PUBLISHED

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

EPSS 26.16% · 96.2th percentile

Risk Scores

EPSS Score

26.16%

96.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	openssl	0, 1.0.2d-0ubuntu1, 1.0.2d-0ubuntu2
Ubuntu:14.04:LTS	openssl	1.0.1e-4ubuntu4, 1.0.1f-1ubuntu1, 1.0.1f-1ubuntu2

Timeline

Mar 1, 2016 CVE Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 16, 2023 EPSS Score
Aug 14, 2023 EPSS Score
Oct 9, 2024 PoC Published
Dec 12, 2024 PoC Published
Dec 17, 2024 EPSS Score
Mar 22, 2025 EPSS Score
Mar 25, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2016-0798 third-party-advisory
https://www.openssl.org/news/secadv/20160301.txt third-party-advisory
https://ubuntu.com/security/notices/USN-2914-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-0798 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →