Vulnerability in OpenSSL - OCSP Status Request extension unbounded memory growth

2016-09-22T00:00:00
ID OPENSSL:CVE-2016-6304
Type openssl
Reporter OpenSSL
Modified 2016-09-22T00:00:00

Description

A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial of Service through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build-time option are not affected. Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration; they are affected only if an application explicitly enables OCSP stapling support. Reported by Shi Lei (Gear Team, Qihoo 360 Inc.).
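The growth described above is driven by the size of the status_request extension the client sends in each ClientHello, so a defender sitting in front of a server (a TLS-terminating proxy, an IDS, or a log-replay script) can spot the precondition by measuring that extension. The following is an added example, not OpenSSL's code and not part of the advisory: a small ClientHello parser that returns every extension's length and flags a status_request extension above a chosen limit. It assumes the extension type number 5 for status_request (from RFC 6066, not stated on this page), uses an arbitrary 1024-byte limit, and builds its own constructed ClientHello records for input rather than real captures.

```python
import struct

# Extension type number for status_request (RFC 6066); this value is not from the advisory.
STATUS_REQUEST_EXT = 5
# Length above which we treat the extension as suspiciously large (assumption; a legitimate
# status_request carries a 1-byte status type plus two short length-prefixed lists).
DEFAULT_LIMIT = 1024


def build_client_hello(extensions):
    """Construct a minimal TLS 1.2 ClientHello record carrying the given (type, data) extensions.
    Test data only; not a capture from a real client."""
    body = b"\x03\x03"            # client_version
    body += b"\x00" * 32          # random (zeros are fine for a constructed sample)
    body += b"\x00"               # session_id length 0
    body += b"\x00\x02\x00\x2f"   # one cipher suite
    body += b"\x01\x00"           # one compression method (null)
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new position, raising on short input."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def client_hello_extensions(record):
    """Parse a TLS handshake record holding a ClientHello and return {ext_type: ext_length}."""
    hdr, pos = _take(record, 0, 5)
    if hdr[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", hdr[3:5])[0]
    hs, _ = _take(record, pos, rec_len)
    hs_hdr, p = _take(hs, 0, 4)
    if hs_hdr[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs_hdr[1:4], "big")
    body, _ = _take(hs, p, body_len)
    p = 2 + 32                                    # skip client_version and random
    sid_len, p = _take(body, p, 1)
    _, p = _take(body, p, sid_len[0])
    cs_len, p = _take(body, p, 2)
    _, p = _take(body, p, struct.unpack("!H", cs_len)[0])
    cm_len, p = _take(body, p, 1)
    _, p = _take(body, p, cm_len[0])
    if p == len(body):
        return {}                                 # the extensions block is optional
    ext_len, p = _take(body, p, 2)
    exts, end = {}, p + struct.unpack("!H", ext_len)[0]
    if end != len(body):
        raise ValueError("extensions length does not match body")
    while p < end:
        eh, p = _take(body, p, 4)
        etype, elen = struct.unpack("!HH", eh)
        _, p = _take(body, p, elen)
        if p > end:
            raise ValueError("extension overruns extensions block")
        exts[etype] = elen
    return exts


def oversized_status_request(record, limit=DEFAULT_LIMIT):
    """True if the ClientHello carries a status_request extension longer than `limit` bytes."""
    return client_hello_extensions(record).get(STATUS_REQUEST_EXT, 0) > limit


# Constructed samples: a normal OCSP status_request (status_type=1, empty responder list,
# empty request extensions) and one padded far beyond what the structure needs.
NORMAL_STATUS_REQUEST = b"\x01\x00\x00\x00\x00"
BENIGN_HELLO = build_client_hello([(STATUS_REQUEST_EXT, NORMAL_STATUS_REQUEST)])
BLOATED_HELLO = build_client_hello([(STATUS_REQUEST_EXT, NORMAL_STATUS_REQUEST + b"\x00" * 8000)])

if __name__ == "__main__":
    for name, hello in (("benign", BENIGN_HELLO), ("bloated", BLOATED_HELLO)):
        flag = "flagged" if oversized_status_request(hello) else "ok"
        print(name, client_hello_extensions(hello), flag)
```

Per-handshake size alone does not reproduce the advisory's condition; the memory growth needs repeated renegotiations from the same client, so in practice this check is paired with a count of renegotiations per connection, and the lasting fix is to run a build where this issue is addressed or one built with "no-ocsp".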