CVE-2016-6307

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0a

Description The issue is related to an error in the resource control mechanism of the state-machine implementation in OpenSSL, specifically in statem/statem.c and statem/statem lib.c. This could allow a remote attacker to cause a denial of service through crafted TLS messages by consuming excessive memory. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0a, update to version 1.1.0a or later to resolve the issue. As a temporary workaround, consider restricting access to the statem/statem.c and statem/statem lib.c components to minimize the risk of exploitation. Avoid using crafted TLS messages that could trigger the denial of service until the issue is resolved.