According to its banner, the version of OpenSSL on the remote host is prior to 1.1.0a and is affected by the following vulnerabilities:
- A flaw exists in the ‘ssl_parse_clienthello_tlsext()’ function in ‘ssl/t1_lib.c’ that is triggered when handling overly large OCSP Status Request extensions from clients. This may allow a remote attacker to exhaust available memory in a process linked against the library. (CVE-2016-6304)
- A flaw exists in the ‘SSL_peek()’ function in ‘ssl/record/rec_layer_s3.c’ that is triggered during the handling of an empty record. This may allow a remote attacker to cause SSL or TLS to hang in a process linked against the library. (CVE-2016-6305)
- A flaw exists in the ‘tls_get_message_header()’ function in ‘ssl/statem/statem_lib.c’ that is triggered when handling TLS messages. With a specially crafted request, a remote attacker can cause a process linked against the library to exhaust available memory. (CVE-2016-6307)
  According to the vendor, this issue will only have a security impact if one of the following conditions is met:
  - The application does not call ‘SSL_free()’ in a timely manner in the event that the connection fails,
  - The application is working in a constrained environment where there is very little free memory, or
  - The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection, ‘SSL_free()’ has not yet been called, and there is insufficient memory to service the multiple requests.
- A flaw exists in the ‘dtls1_preprocess_fragment()’ function in ‘ssl/statem/statem_dtls.c’ that is triggered during the handling of excessively long DTLS messages. This may allow a remote attacker to exhaust memory resources in a process linked against the library. (CVE-2016-6308)
  According to the vendor, this issue will only have a security impact if one of the following conditions is met:
  - The application does not call ‘SSL_free()’ in a timely manner in the event that the connection fails,
  - The application is working in a constrained environment where there is very little free memory, or
  - The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection, ‘SSL_free()’ has not yet been called, and there is insufficient memory to service the multiple requests.
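
The banner comparison behind "prior to 1.1.0a" can be reproduced as below. This is an added example, not the scanner's own code; the function names and sample banners are constructed, and limiting the check to the 1.1.0 branch is an assumption, since the text above only says "prior to 1.1.0a".

```python
import re

# Pre-3.0 OpenSSL version strings: 1.1.0, 1.1.0a, 1.0.2h, 0.9.8za, 1.1.0-pre6
_VER = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z])(?:-(?:pre|beta)(\d+))?",
    re.IGNORECASE,
)


def version_key(banner):
    """Return a sortable tuple for the OpenSSL version in a banner, or None."""
    m = _VER.search(banner)
    if not m:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    # '' -> 0, 'a' -> 1 ... 'z' -> 26, 'za' -> 27; two-letter suffixes are
    # only ever z-prefixed in OpenSSL's scheme, so summing keeps the order.
    rank = sum(ord(c) - 96 for c in m.group(4).lower())
    pre = m.group(5)
    # Pre-releases (1.1.0-pre6) sort before the final release of that number.
    final, pre_num = (0, int(pre)) if pre else (1, 0)
    return (major, minor, fix, final, rank, pre_num)


FIXED = version_key("OpenSSL/1.1.0a")  # fixed release named in the text above


def flagged(banner, branch=(1, 1, 0)):
    """True if the banner version is in `branch` and prior to 1.1.0a.

    Returns None when the banner exposes no OpenSSL version, because the
    host then cannot be judged from the banner alone.
    """
    key = version_key(banner)
    if key is None:
        return None
    return key[:3] == branch and key < FIXED


SAMPLE_BANNERS = [  # constructed for this example
    "Server: Apache/2.4.23 (Unix) OpenSSL/1.1.0",
    "Server: Apache/2.4.23 (Unix) OpenSSL/1.1.0a",
    "Server: Apache/2.4.23 (Unix) OpenSSL/1.1.0-pre6",
    "Server: Apache/2.4.18 (Unix) OpenSSL/1.0.2h",
    "Server: nginx",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(flagged(b), b)
```

A banner match reflects only the advertised version string; distribution packages that backport fixes without changing it will still be flagged, so confirm against the package changelog before treating the host as affected.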