CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Affected

46 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	macos_sierra_10.12.2_security_update_2016-003_el_capitan_and_security_update_201	—	—
debian	openssl	< openssl 1.0.2i-1 (bookworm)	openssl 1.0.2i-1 (bookworm)
nodejs	node.js	>= 0.10.0 < 0.10.47	0.10.47
nodejs	node.js	>= 0.12.0 < 0.12.16	0.12.16
nodejs	node.js	>= 4.0.0 < 4.6.0	4.6.0
nodejs	node.js	>= 6.0.0 < 6.7.0	6.7.0
novell	suse_linux_enterprise_module_for_web_scripting	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—
openssl	openssl	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv9.8CRITICAL