CVE-2016-7054

Published: 04/05/2017 Updated: 03/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In OpenSSL 1.1.0 prior to 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Vulnerable Product

openssl openssl 1.1.0

openssl openssl 1.1.0b

openssl openssl 1.1.0a

Vendor Advisories

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS ...
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads ...

Exploits

# Exploit Title: OpenSSL 1.1.0a & 1.1.0b Heap Overflow Remote DOS vulnerability
# Date: 11-12-2016
# Software Link: www.openssl.org/source/old/1.1.0/
# Exploit Author: Silverfox
# Contact: twitter.com/___Silverfox___
# Website: www.silverf0x00.com/
# CVE: CVE-2016-7054
# Category: Denial of Service
# Type: Remote
# Platfo ...