CVE-2016-6308

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0a

Description The issue is related to an error in the resource management mechanism of the statem/statem dtls.c component in the DTLS implementation of OpenSSL. This could allow a remote attacker to cause a denial of service through specially crafted DTLS messages, potentially leading to memory consumption.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0a, update to version 1.1.0a or later to resolve the issue. As a temporary workaround, consider restricting access to the DTLS implementation to minimize the risk of exploitation. Avoid using the statem/statem dtls.c component until the issue is resolved.