CVE-2016-6305

Published: Sep 26, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssl.org/news/secadv/20160922.txt

https://www.tenable.com/security/tns-2016-20

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

1036879

vdb-entry

GLSA-201612-16

vendor-advisory

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-21

93149

vdb-entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://github.com/openssl/openssl/issues/1563

https://bto.bluecoat.com/security-advisory/sa132

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6305

Description

Affected Products

References