[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-6304

Date: (C)2016-09-27   (M)2018-01-05 


Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

CVSS Score: 7.8Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1036878
SECTRACK-1037640
BID-93150
FreeBSD-SA-16:26
GLSA-201612-16
RHSA-2016:1940
RHSA-2016:2802
RHSA-2017:1413
RHSA-2017:1414
RHSA-2017:1415
RHSA-2017:1658
RHSA-2017:1659
RHSA-2017:1801
RHSA-2017:1802
RHSA-2017:2493
RHSA-2017:2494
SUSE-SU-2016:2470
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
https://bto.bluecoat.com/security-advisory/sa132
https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21

CPE    32
cpe:/a:openssl:openssl:1.0.1m
cpe:/a:openssl:openssl:1.0.1o
cpe:/a:openssl:openssl:1.0.1q
cpe:/a:openssl:openssl:1.0.1p
...
CWE    1
CWE-399
OVAL    17
oval:org.secpod.oval:def:204094
oval:org.secpod.oval:def:204093
oval:org.secpod.oval:def:111444
oval:org.secpod.oval:def:37387
...

© 2013 SecPod Technologies