15 matches found
Siemens SCALANCE X-200RNA Switch Devices Uncontrolled Resource Consumption (CVE-2016-6307)
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. This plugin onl...
K09422508: OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308
Security Advisory Description CVE-2016-6307 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to...
Security Bulletin: Multiple Vulnerabilities in Glibc, GNU C and OpenSSL affect IBM Netezza Firmware Diagnostics
Summary Glibc, GNU C and OpenSSL are used by IBM Netezza Firmware Diagnostics. IBM Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1234 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a stack-based buffer...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cloud Manager. IBM Cloud Manager has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...
Internet Bug Bounty: Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...
SOL09422508 - OpenSSL vulnerabilities CVE-2016-6302, CVE-2016-6307, and CVE-2016-6308
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
OpenSSL < 1.1.0a Multiple Vulnerabilities
Binary data 9626.prm...
OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0a advisory. - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of...
CVE-2016-6307
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c...
Vulnerability in OpenSSL - Fix Use After Free for large message sizes
This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a danglin...
CVE-2016-6307
OpenSSL CVE-2016-6307 (and related CVE-2016-6308) describe a memory-allocation flaw in the 1.1.0 series: the state-machine/dtls1 preprocessing paths allocate memory before checking excessive message length in TLS/DTLS messages, enabling potential denial-of-service via memory consumption. Details ...
OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux
OpenSSL is prone to a Denial of Service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
[slackware-security] openssl
New openssl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2i-i586-1slack14.2.txz: Upgraded. This update fixes denial-of-service and other security issues. For more...