{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSL Vulnerabilities"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2016-0023","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-15T09:57:42.110Z","generator":{"date":"2026-07-15T09:57:42.110Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2016-0023","initial_release_date":"2016-09-02T21:00:00.000Z","revision_history":[{"number":"1","date":"2026-07-15T02:57:42.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"GlobalProtect App","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/GlobalProtect App<=3.1.0","product":{"name":"Palo Alto Networks GlobalProtect App","product_id":"PANW-GlobalProtect-App-125"}},{"category":"product_version_range","name":"vers:generic/GlobalProtect App>=3.1.1","product":{"name":"Palo Alto Networks GlobalProtect App","product_id":"PANW-GlobalProtect-App-126"}}]},{"name":"Terminal Server Agent","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Terminal Server Agent<=7.0.5","product":{"name":"Palo Alto Networks Terminal Server Agent","product_id":"PANW-Terminal-Server-Agent-6"}},{"category":"product_version_range","name":"vers:generic/Terminal Server Agent>=7.0.6","product":{"name":"Palo Alto Networks Terminal Server Agent","product_id":"PANW-Terminal-Server-Agent-4"}}]},{"name":"User-ID Agent","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/User-ID Agent<=7.0.5","product":{"name":"Palo Alto Networks User-ID Agent","product_id":"PANW-User-ID-Agent-4"}},{"category":"product_version_range","name":"vers:generic/User-ID Agent>=7.0.6","product":{"name":"Palo Alto Networks User-ID Agent","product_id":"PANW-User-ID-Agent-5"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2016-2105","product_status":{"fixed":["PANW-GlobalProtect-App-126","PANW-Terminal-Server-Agent-4","PANW-User-ID-Agent-5"],"known_affected":["PANW-GlobalProtect-App-125","PANW-Terminal-Server-Agent-6","PANW-User-ID-Agent-4"]},"notes":[{"category":"description","text":"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2105","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2105"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0023","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0023"}],"threats":[{"category":"impact","description":"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."}]},{"cve":"CVE-2016-2106","product_status":{"fixed":["PANW-GlobalProtect-App-126","PANW-Terminal-Server-Agent-4","PANW-User-ID-Agent-5"],"known_affected":["PANW-GlobalProtect-App-125","PANW-Terminal-Server-Agent-6","PANW-User-ID-Agent-4"]},"notes":[{"category":"description","text":"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2106","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2106"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0023","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0023"}],"threats":[{"category":"impact","description":"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."}]},{"cve":"CVE-2016-2107","product_status":{"fixed":["PANW-GlobalProtect-App-126","PANW-Terminal-Server-Agent-4","PANW-User-ID-Agent-5"],"known_affected":["PANW-GlobalProtect-App-125","PANW-Terminal-Server-Agent-6","PANW-User-ID-Agent-4"]},"notes":[{"category":"description","text":"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2107","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2107"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0023","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0023"}],"threats":[{"category":"impact","description":"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."}]},{"cve":"CVE-2016-2109","product_status":{"fixed":["PANW-GlobalProtect-App-126","PANW-Terminal-Server-Agent-4","PANW-User-ID-Agent-5"],"known_affected":["PANW-GlobalProtect-App-125","PANW-Terminal-Server-Agent-6","PANW-User-ID-Agent-4"]},"notes":[{"category":"description","text":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2109","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2109"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0023","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0023"}],"threats":[{"category":"impact","description":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."}]},{"cve":"CVE-2016-2176","product_status":{"fixed":["PANW-GlobalProtect-App-126","PANW-Terminal-Server-Agent-4","PANW-User-ID-Agent-5"],"known_affected":["PANW-GlobalProtect-App-125","PANW-Terminal-Server-Agent-6","PANW-User-ID-Agent-4"]},"notes":[{"category":"description","text":"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."}],"references":[{"category":"external","summary":"NVD - CVE-2016-2176","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2176"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0023","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0023"}],"threats":[{"category":"impact","description":"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."}]}]}