PT-2016-3314 · Openssl+2 · Openssl+2

Published

2016-09-22

Updated

2022-12-13

CVE-2016-6308

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0a

Description The issue is related to an error in the resource management mechanism of the statem/statem dtls.c component in the DTLS implementation of OpenSSL. This could allow a remote attacker to cause a denial of service through specially crafted DTLS messages, potentially leading to memory consumption.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0a, update to version 1.1.0a or later to resolve the issue. As a temporary workaround, consider restricting access to the DTLS implementation to minimize the risk of exploitation. Avoid using the statem/statem dtls.c component until the issue is resolved.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2020-02967

CVE-2016-6308

MGASA-2016-0408

Affected Products

Huawei Vrp

Nessus

Openssl

PT-2016-3314 · Openssl+2 · Openssl+2

CVE-2016-6308

Weakness Enumeration

Related Identifiers

Affected Products

References · 28