CVE-2016-6302

CWE-20 — Improper Input Validation CWE-119 — Buffer Overflow CWE-310 CWE-635 CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read14 documents11 sources

Severity

7.5HIGH

EPSS

10.4%

top 6.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Openssl Oracle Linux Oracle Solaris

Timeline

PublishedSep 16

Latest updateMay 13

Description

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianopenssl< 1.0.2i-1+3

▶NVDopenssl/openssl30 versions+29

▶NVDoracle/linux6, 7+1

▶NVDoracle/solaris10, 11.3+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-h9vm-qp4h-23fm: The tls_decrypt_ticket function in ssl/t1_lib↗2022-05-13

▶

CVEList

CVE-2016-6302: The tls_decrypt_ticket function in ssl/t1_lib↗2016-09-16

▶

OSV

CVE-2016-6302: The tls_decrypt_ticket function in ssl/t1_lib↗2016-09-16

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗2016-09-27

▶

BSD

FreeBSD-SA-16:26.openssl: Multiple OpenSSL vulnerabilities↗2016-09-23

▶

Ubuntu

OpenSSL vulnerabilities↗2016-09-22

▶

Red Hat

openssl: Insufficient TLS session ticket HMAC length checks↗2016-08-23

▶

Debian

CVE-2016-6302: openssl - The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not...↗2016

▶

💬Community

HackerOne

Malformed SHA512 ticket DoS (CVE-2016-6302)↗2017-05-25

▶

Bugzilla

CVE-2016-6302 openssl101e: openssl: Insufficient ticket sanity checks [epel-5]↗2016-08-24

▶

Bugzilla

CVE-2016-6302 mingw-openssl: openssl: Insufficient ticket sanity checks [fedora-all]↗2016-08-24

▶

Bugzilla

CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks↗2016-08-24

▶

Bugzilla

CVE-2016-6302 openssl: Insufficient ticket sanity checks [fedora-all]↗2016-08-24

▶