Veracode Vulnerability DatabaseVERACODE:3426Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
OpenSSL is vulnerable to denial of service (DoS) attacks. The library does not clear DTLS handshake messages when they are delivered out of order even when the handshake has been completed. A malicious user can take advantage of this by opening multiple DTLS connections to the system, causing a denial of service via memory consumption.
References
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
rhn.redhat.com/errata/RHSA-2016-1940.html
www-01.ibm.com/support/docview.wss?uid=swg21995039
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
www.securityfocus.com/bid/92987
www.securitytracker.com/id/1036689
www.splunk.com/view/SP-CAAAPSV
www.splunk.com/view/SP-CAAAPUE
bto.bluecoat.com/security-advisory/sa132
bugzilla.redhat.com/show_bug.cgi?id=1369504
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
www.openssl.org/news/vulnerabilities.html
www.openssl.org/news/vulnerabilities.html#y2017
www.tenable.com/security/tns-2016-16
www.tenable.com/security/tns-2016-20
www.tenable.com/security/tns-2016-21
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P