CVE-2016-6305 — Improper Input Validation in Openssl

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-310 CWE-635 CWE-835 — Infinite Loop10 documents9 sources

Severity

7.5HIGHNVD

EPSS

33.0%

top 3.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedSep 26

Latest updateDec 19

Description

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/openssl

▶NVDopenssl/openssl1.1.0

🔴Vulnerability Details

GHSA

GHSA-jjf8-m6wr-q4f8: The ssl3_read_bytes function in record/rec_layer_s3↗2022-05-14

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE X-200RNA Switch Devices↗2022-12-19

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗2016-09-27

▶

Red Hat

openssl: SSL_peek() hang on empty record↗2016-09-22

▶

Debian

CVE-2016-6305: openssl - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1....↗2016

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗

▶

🕵️Threat Intelligence

Tenable

[R7] Nessus 6.9 Fixes Multiple Vulnerabilities↗2016-10-25

▶

💬Community

HackerOne

SSL_peek() hang on empty record (CVE-2016-6305)↗2018-01-11

▶

Bugzilla

CVE-2016-6305 openssl: SSL_peek() hang on empty record↗2016-09-21

▶