Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. (CVE-2016-6304)
Impact
A remote attacker can continuously request Secure Sockets Layer (SSL) renegotiation, sending an excessively large Online Certificate Status Protocol (OCSP) Status Request extension each time. This causes memory consumption on the BIG-IP system to grow, which can eventually lead to a denial of service (DoS) due to memory exhaustion.
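A version check against the fixed releases named in the CVE description above, as an added example that is not part of the original advisory. The function names are hypothetical, the sample version strings are constructed, and the check assumes upstream-style OpenSSL version strings such as the output of `openssl version`.

```python
import re

# First fixed release on each branch, as listed in the CVE description.
FIXED = {(1, 0, 1): "u", (1, 0, 2): "i", (1, 1, 0): "a"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), letters) from e.g. 'OpenSSL 1.0.2h  3 May 2016'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _letter_key(letters):
    # '' < 'a' < ... < 'z' < 'za' < 'zb': order by length, then alphabetically.
    return (len(letters), letters)


def is_affected(text):
    """True if the version falls in a range the CVE description lists as vulnerable."""
    branch, letters = parse_openssl_version(text)
    if branch < min(FIXED):
        return True   # older than the 1.0.1 branch, so "before 1.0.1u"
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch newer than those the description lists
    return _letter_key(letters) < _letter_key(fixed)


if __name__ == "__main__":
    # Constructed sample inputs in the style of `openssl version` output.
    samples = [
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.2h  3 May 2016",
        "OpenSSL 1.0.2i  22 Sep 2016",
        "OpenSSL 1.1.0  25 Aug 2016",
        "OpenSSL 1.1.0a  22 Sep 2016",
    ]
    for s in samples:
        print(f"{s!r}: {'AFFECTED' if is_affected(s) else 'not in listed ranges'}")
```

Distribution and vendor builds often backport fixes without changing the upstream version letter, so an "affected" result on such a build should be confirmed against the vendor's own advisory.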