CVE-2016-0798

CVE-2016-0798 PUBLISHED

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

EPSS 25.96% · 96.4th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | openssl | 1.0.2d-0ubuntu1, 1.0.2d-0ubuntu2, 1.0.2e-1ubuntu1 |
| Ubuntu:14.04:LTS | openssl | 0, 1.0.1e-3ubuntu1, 1.0.1e-4ubuntu2 |

Timeline

  • Mar 1, 2016 CVE Published
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 16, 2023 EPSS Score
  • Aug 14, 2023 EPSS Score
  • Oct 9, 2024 PoC Published
  • Dec 12, 2024 PoC Published
  • Dec 17, 2024 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score