CVE-2016-7054

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0b

Description The issue is related to the implementation of the CHACHA20-POLY1305 algorithm in OpenSSL, specifically with the handling of corrupted payloads in TLS connections that use *-CHACHA20-POLY1305 ciphersuites. This can lead to a denial of service (DoS) attack, causing OpenSSL to crash. The problem is not considered exploitable beyond a DoS.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0b, update to version 1.1.0c or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.