CVE-2016-6305
Published 2016-09-26
Priority P3 · 42 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 16.00% (96.5th percentile)
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
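| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_cisco | | 5.5 | MEDIUM | |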
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco·2016-09-27·CVSS 5.5
CVE-2016-2177 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.”
Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.”
Of the 16 released vulnerabilities:
Fourteen track issues that could resu
Red Hat
openssl: SSL_peek() hang on empty record
vendor_redhat·2016-09-22·CVSS 7.5
CVE-2016-6305 [HIGH] CWE-835 openssl: SSL_peek() hang on empty record
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 7) - Not affected
Package: openssl (Red Hat JBoss Enterprise Application Platform 5) - Not affected
Package: openssl (
Debian
CVE-2016-6305: openssl - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1....
vendor_debian·2016·CVSS 7.5
CVE-2016-6305 [HIGH] CVE-2016-6305: openssl - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1....
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco
CVE-2016-6305 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.” Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.” Of the 16 released vulnerabilities: Fourteen track issues that c
GHSA
GHSA-jjf8-m6wr-q4f8: The ssl3_read_bytes function in record/rec_layer_s3
ghsa_unreviewed·2022-05-14
CVE-2016-6305 [HIGH] CWE-20 GHSA-jjf8-m6wr-q4f8: The ssl3_read_bytes function in record/rec_layer_s3
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
No detection rules found.
No public exploits indexed.
HackerOne
SSL_peek() hang on empty record (CVE-2016-6305)
hackerone·2018-01-11·CVSS 7.5
CVE-2016-6305 [HIGH] SSL_peek() hang on empty record (CVE-2016-6305)
As described here: https://www.openssl.org/news/secadv/20160922.txt
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
Bugzilla
CVE-2016-6305 openssl: SSL_peek() hang on empty record
bugzilla·2016-09-21·CVSS 7.5
CVE-2016-6305 [HIGH] CVE-2016-6305 openssl: SSL_peek() hang on empty record
Quoting from the draft of the OpenSSL upstream advisory:
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an
empty record. This could be exploited by a malicious peer in a Denial Of Service
attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The
fix was developed by Matt Caswell of the OpenSSL development team.
Discussion:
Acknowledgments:
Name: the OpenSSL project
Upstream: Alex Gaynor
---
Created attachment 1203332
OpenSSL upstream fix
---
Upstream bug with reproducer:
https://github.com/openssl/openssl/issues/1563
---
This issue only affected OpenSS
Tenable
[R7] Nessus 6.9 Fixes Multiple Vulnerabilities
blogs_tenable·2016-10-25
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/93149
- http://www.securitytracker.com/id/1036879
- https://bto.bluecoat.com/security-advisory/sa132
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9
- https://github.com/openssl/openssl/issues/1563
- https://security.gentoo.org/glsa/201612-16
- https://www.openssl.org/news/secadv/20160922.txt
- https://www.tenable.com/security/tns-2016-16
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-21