Published: 26/09/2016 Updated: 07/11/2023

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 633

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 prior to 1.1.0a allocates memory before checking for an excessive length, which might allow remote malicious users to cause a denial of service (memory consumption) via crafted DTLS messages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.1.0

statem/statem_dtlsc in the DTLS implementation in OpenSSL 110 before 110a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages ...

On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity” Subsequently, on September 26, the OpenSSL Software Foundatio ...

Nessus is potentially impacted by several vulnerabilities in OpenSSL (20160926) that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time These vulnerabilities may impact Nessus and include: CVE-2 ...

LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...

Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality Four of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to PVS OpenSSL ssl/statem/statemc read_state_ma ...

CWE-399 https://www.openssl.org/news/secadv/20160922.txt http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93151 https://bto.bluecoat.com/security-advisory/sa132 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 https://www.tenable.com/security/tns-2016-16 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.securitytracker.com/id/1036885 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://www.tenable.com/security/tns-2016-21 https://www.tenable.com/security/tns-2016-20 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-6308 https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

CVE-2016-6308

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect