Lucene search

K
cveRedhatCVE-2016-6304
HistorySep 26, 2016 - 7:59 p.m.

CVE-2016-6304

2016-09-2619:59:00
CWE-401
redhat
web.nvd.nist.gov
226
openssl
memory leaks
t1_lib.c
cve-2016-6304
denial of service
nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.566

Percentile

97.7%

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Affected configurations

Nvd
Node
opensslopensslMatch1.0.2
OR
opensslopensslMatch1.0.2beta1
OR
opensslopensslMatch1.0.2beta2
OR
opensslopensslMatch1.0.2beta3
OR
opensslopensslMatch1.0.2a
OR
opensslopensslMatch1.0.2b
OR
opensslopensslMatch1.0.2c
OR
opensslopensslMatch1.0.2d
OR
opensslopensslMatch1.0.2e
OR
opensslopensslMatch1.0.2f
OR
opensslopensslMatch1.0.2h
Node
opensslopensslMatch1.1.0
Node
opensslopensslMatch1.0.1
OR
opensslopensslMatch1.0.1beta1
OR
opensslopensslMatch1.0.1beta2
OR
opensslopensslMatch1.0.1beta3
OR
opensslopensslMatch1.0.1a
OR
opensslopensslMatch1.0.1b
OR
opensslopensslMatch1.0.1c
OR
opensslopensslMatch1.0.1d
OR
opensslopensslMatch1.0.1e
OR
opensslopensslMatch1.0.1f
OR
opensslopensslMatch1.0.1g
OR
opensslopensslMatch1.0.1h
OR
opensslopensslMatch1.0.1i
OR
opensslopensslMatch1.0.1j
OR
opensslopensslMatch1.0.1k
OR
opensslopensslMatch1.0.1l
OR
opensslopensslMatch1.0.1m
OR
opensslopensslMatch1.0.1n
OR
opensslopensslMatch1.0.1o
OR
opensslopensslMatch1.0.1p
OR
opensslopensslMatch1.0.1q
OR
opensslopensslMatch1.0.1r
OR
opensslopensslMatch1.0.1s
OR
opensslopensslMatch1.0.1t
Node
nodejsnode.jsRange0.10.00.10.47-
OR
nodejsnode.jsRange0.12.00.12.16-
OR
nodejsnode.jsRange4.0.04.6.0-
OR
nodejsnode.jsRange6.0.06.7.0-
Node
novellsuse_linux_enterprise_module_for_web_scriptingMatch12.0
VendorProductVersionCPE
opensslopenssl1.0.2hcpe:/a:openssl:openssl:1.0.2h:::
opensslopenssl1.0.2cpe:/a:openssl:openssl:1.0.2:beta3::
opensslopenssl1.0.2dcpe:/a:openssl:openssl:1.0.2d:::
opensslopenssl1.0.2cpe:/a:openssl:openssl:1.0.2:::
opensslopenssl1.0.2bcpe:/a:openssl:openssl:1.0.2b:::
opensslopenssl1.0.2cpe:/a:openssl:openssl:1.0.2:beta2::
opensslopenssl1.0.2acpe:/a:openssl:openssl:1.0.2a:::
opensslopenssl1.0.2fcpe:/a:openssl:openssl:1.0.2f:::
opensslopenssl1.0.2ecpe:/a:openssl:openssl:1.0.2e:::
opensslopenssl1.0.2cpe:/a:openssl:openssl:1.0.2:beta1::
Rows per page:
1-10 of 111

References

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.566

Percentile

97.7%