7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can cause a memory leak by seeking to connect to the system with an invalid username. By opening multiple invalid connections this way, the malicious user can cause the system to run out of memory.
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
openssl.org/news/secadv/20160301.txt
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
www.debian.org/security/2016/dsa-3500
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/83705
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1035133
www.ubuntu.com/usn/USN-2914-1
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21
github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.207/OpenSSL.podspec#L14
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
security.gentoo.org/glsa/201603-15
www.openssl.org/news/secadv/20160301.txt
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C