CVE-2016-2179
Severity: 7.5 HIGH
EPSS: 18.3% (top 4.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 16
Latest update: May 13
Description
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details
Vendor Advisories (5)
Red Hat
Debian: CVE-2016-2179: openssl - The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the l... (2016)
Community (4)
Bugzilla: CVE-2016-2179 openssl101e: openssl: DoS attack by filling up the queue for future messages [epel-5] (2016-08-23)
Bugzilla: CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer (2016-08-23)
Bugzilla: CVE-2016-2179 mingw-openssl: openssl: DoS attack by filling up the queue for future messages [fedora-all] (2016-08-23)
Bugzilla: CVE-2016-2179 openssl: DoS attack by filling up the queue for future messages [fedora-all] (2016-08-23)