Lucene search

[email protected]CVE-2016-6304

HistorySep 26, 2016 - 7:59 p.m.

CVE-2016-6304

2016-09-2619:59:00

CWE-401

[email protected]

web.nvd.nist.gov

211

openssl

memory leaks

t1_lib.c

cve-2016-6304

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.458 Medium

EPSS

Percentile

97.4%

JSON

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

CPENameOperatorVersion
openssl:opensslopenssleq1.0.2a
openssl:opensslopenssleq1.0.2e
openssl:opensslopenssleq1.0.2b
openssl:opensslopenssleq1.0.2h
openssl:opensslopenssleq1.0.2c
openssl:opensslopenssleq1.0.2
openssl:opensslopenssleq1.0.2f
openssl:opensslopenssleq1.0.2d
openssl:opensslopenssleq1.1.0
openssl:opensslopenssleq1.0.1m

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	1.0.2a
openssl:openssl	openssl	eq	1.0.2e
openssl:openssl	openssl	eq	1.0.2b
openssl:openssl	openssl	eq	1.0.2h
openssl:openssl	openssl	eq	1.0.2c
openssl:openssl	openssl	eq	1.0.2
openssl:openssl	openssl	eq	1.0.2f
openssl:openssl	openssl	eq	1.0.2d
openssl:openssl	openssl	eq	1.1.0
openssl:openssl	openssl	eq	1.0.1m

Rows per page:

1-10 of 351

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html

rhn.redhat.com/errata/RHSA-2016-1940.html

rhn.redhat.com/errata/RHSA-2016-2802.html

rhn.redhat.com/errata/RHSA-2017-1415.html

rhn.redhat.com/errata/RHSA-2017-1659.html

seclists.org/fulldisclosure/2016/Dec/47

seclists.org/fulldisclosure/2016/Oct/62

seclists.org/fulldisclosure/2017/Jul/31

www-01.ibm.com/support/docview.wss?uid=swg21995039

www.debian.org/security/2016/dsa-3673

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/93150

www.securitytracker.com/id/1036878

www.securitytracker.com/id/1037640

www.splunk.com/view/SP-CAAAPSV

www.splunk.com/view/SP-CAAAPUE

www.ubuntu.com/usn/USN-3087-1

www.ubuntu.com/usn/USN-3087-2

access.redhat.com/errata/RHSA-2017:1413

access.redhat.com/errata/RHSA-2017:1414

access.redhat.com/errata/RHSA-2017:1658

access.redhat.com/errata/RHSA-2017:1801

access.redhat.com/errata/RHSA-2017:1802

access.redhat.com/errata/RHSA-2017:2493

access.redhat.com/errata/RHSA-2017:2494

bto.bluecoat.com/security-advisory/sa132

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

kc.mcafee.com/corporate/index?page=content&id=SB10171

kc.mcafee.com/corporate/index?page=content&id=SB10215

nodejs.org/en/blog/vulnerability/september-2016-security-releases/

security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc

security.gentoo.org/glsa/201612-16

www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

www.openssl.org/news/secadv/20160922.txt

www.tenable.com/security/tns-2016-16

www.tenable.com/security/tns-2016-20

www.tenable.com/security/tns-2016-21

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.458 Medium

EPSS

Percentile

97.4%

JSON

CVE-2016-6304

References

Related