CVE-2016-6304

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1u OpenSSL versions prior to 1.0.2i OpenSSL versions prior to 1.1.0a MySQL Server versions 5.6.33 and earlier MySQL Server versions 5.7.15 and earlier

Description The issue is related to multiple memory leaks in the t1 lib.c file of the OpenSSL library, which can be exploited by remote attackers to cause a denial of service via large OCSP Status Request extensions. This can lead to memory consumption and potentially cause the application to crash. Additionally, a vulnerability in the MySQL Server component can allow a high-privileged attacker with network access to compromise the server, resulting in unauthorized ability to cause a hang or crash.

Recommendations For OpenSSL versions prior to 1.0.1u, update to version 1.0.1u or later. For OpenSSL versions prior to 1.0.2i, update to version 1.0.2i or later. For OpenSSL versions prior to 1.1.0a, update to version 1.1.0a or later. For MySQL Server versions 5.6.33 and earlier, update to a version later than 5.6.33. For MySQL Server versions 5.7.15 and earlier, update to a version later than 5.7.15. As a temporary workaround, consider restricting access to the t1 lib.c file or disabling the use of large OCSP Status Request extensions until a patch is available.