CVE-2016-6308

Published: Sep 26, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssl.org/news/secadv/20160922.txt

https://www.tenable.com/security/tns-2016-20

93151

vdb-entry

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

1036885

vdb-entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://www.tenable.com/security/tns-2016-16

https://www.tenable.com/security/tns-2016-21

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://bto.bluecoat.com/security-advisory/sa132

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6308

Description

Affected Products

References