FreeBSD0FCD3AF0-A0FE-11E6-B1CF-14DAE9D210B8FreeBSD -- OpenSSL Remote DoS vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.202 Low
EPSS
Percentile
96.3%
Problem Description:
Due to improper handling of alert packets, OpenSSL would
consume an excessive amount of CPU time processing undefined
alert messages.
Impact:
A remote attacker who can initiate handshakes with an
OpenSSL based server can cause the server to consume a lot
of computation power with very little bandwidth usage, and
may be able to use this technique in a leveraged Denial of
Service attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd | = 10.3 | UNKNOWN |
| FreeBSD | any | noarch | freebsd | < 10.3_12 | UNKNOWN |
| FreeBSD | any | noarch | openssl | < 1.0.2i,1 | UNKNOWN |
| FreeBSD | any | noarch | openssl-devel | < 1.1.0a | UNKNOWN |
| FreeBSD | any | noarch | linux-c6-openssl | < 1.0.1e_13 | UNKNOWN |
| FreeBSD | any | noarch | linux-c7-openssl-libs | < 1.0.1e_3 | UNKNOWN |
References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.202 Low
EPSS
Percentile
96.3%