CVE-2016-6302

Published: Sep 16, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.tenable.com/security/tns-2016-20

RHSA-2018:2185

vendor-advisory

RHSA-2018:2186

vendor-advisory

http://www.splunk.com/view/SP-CAAAPUE

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

RHSA-2016:1940

vendor-advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

92628

vdb-entry

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9

http://www.splunk.com/view/SP-CAAAPSV

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

1036885

vdb-entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-21

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

https://bto.bluecoat.com/security-advisory/sa132

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

FreeBSD-SA-16:26

vendor-advisory

RHSA-2018:2187

vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6302

Description

Affected Products

References