Lucene search

K
cvelistRedhatCVELIST:CVE-2016-8610
HistoryNov 13, 2017 - 10:00 p.m.

CVE-2016-8610

2017-11-1322:00:00
CWE-400
redhat
www.cve.org

7.5 High

AI Score

Confidence

High

0.202 Low

EPSS

Percentile

96.4%

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "All 0.9.8"
      },
      {
        "status": "affected",
        "version": "All 1.0.1"
      },
      {
        "status": "affected",
        "version": "1.0.2 through 1.0.2h"
      },
      {
        "status": "affected",
        "version": "1.1.0"
      }
    ]
  }
]

References