CVE-2016-2181
CWE-189 | CWE-20 — Improper Input Validation | CWE-119 — Buffer Overflow | CWE-310 | CWE-635
16 documents | 10 sources
Severity
7.5 HIGH
EPSS
23.0%
top 4.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 16
Latest update: May 13
Description
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA: GHSA-mpfh-46p6-w5g3: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1 (2022-05-13)
OSV
CVEList
Vendor Advisories (5)
Debian: CVE-2016-2181: openssl - The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 misha... (2016)
Community (5)
Bugzilla: CVE-2016-2181 mingw-openssl: openssl: DTLS replay protection bypass via sending large sequence number [fedora-all] (2016-08-22)
Bugzilla
Bugzilla: CVE-2016-2181 openssl: DTLS replay protection bypass via sending large sequence number [fedora-all] (2016-08-22)
Bugzilla: CVE-2016-2181 openssl101e: openssl: DTLS replay protection bypass via sending large sequence number [epel-5] (2016-08-22)
Bugzilla: CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9 (2016-04-25)