Severity: 5.9 MEDIUM
EPSS: 8.1% (top 7.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 26 (the CVE record below is dated 2016-09-26); latest update May 13 (the GHSA entry below is dated 2022-05-13)

Description

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (Exploitability: 2.2 | Impact: 3.6)

Read out: network-reachable (AV:N), high attack complexity (AC:H), no privileges (PR:N) or user interaction (UI:N) required, scope unchanged (S:U); no confidentiality or integrity impact (C:N/I:N) and high availability impact (A:H). The score is therefore a denial-of-service rating only, matching the out-of-bounds read in the description; the high attack complexity is what keeps the base score at 5.9 rather than 7.5.

Affected Packages (8 packages)

Debian: openssl < 1.0.2i-1 (+3 more)
NVD: openssl/openssl, 29 versions (+28 more)
NVD: nodejs/node.js 0.10.0 through 0.10.47 (+5 more)
NVD: hp/icewall_sso 10.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04
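The check a practitioner wants here is whether a given OpenSSL build sits inside the range the description names (before 1.0.1u, and 1.0.2 before 1.0.2i). The script below is an added example, not code from the page or the OpenSSL project; it assumes the upstream version-string format (for example the output of `openssl version`) and encodes only those two ranges. Caveat: distribution packages often carry the fix without changing the upstream version letter (Ubuntu's patched 1.0.2g packages for 16.04 are an example), so for distro builds consult the vendor advisory listed below (the Debian entry gives 1.0.2i-1 as the fixed package version) rather than relying on this string comparison.

```python
"""Affected-version check for CVE-2016-6306 (added example, not from the
page or the OpenSSL project).

Ranges encoded, straight from the CVE description:
  * OpenSSL before 1.0.1u   (the 1.0.1 line up to 1.0.1t, and anything older)
  * OpenSSL 1.0.2 before 1.0.2i
Works on upstream version strings only; distro-patched builds need the
vendor advisory instead.
"""
import re
import subprocess

# Upstream OpenSSL versions look like 1.0.2h / 1.0.1u / 1.1.0 / 3.0.2,
# optionally followed by a date or a suffix such as -fips.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, patch, letter) from 'OpenSSL 1.0.2h  3 May 2016'
    or a bare '1.0.2h'.  Raises ValueError if no version is present."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version in %r" % text)
    major, minor, patch, letter = m.groups()
    return int(major), int(minor), int(patch), letter


def is_affected(text):
    """True if the version falls in the ranges named by CVE-2016-6306."""
    major, minor, patch, letter = parse_openssl_version(text)
    series = (major, minor, patch)
    if series == (1, 0, 2):
        return letter < "i"      # 1.0.2 .. 1.0.2h affected, 1.0.2i fixed
    if series == (1, 0, 1):
        return letter < "u"      # 1.0.1 .. 1.0.1t affected, 1.0.1u fixed
    if series < (1, 0, 1):
        return True              # "before 1.0.1u" also covers 1.0.0 and 0.9.8
    return False                 # 1.1.0 and later are outside the stated range


def check_local_openssl(binary="openssl"):
    """Run `openssl version` on this host and classify the result.
    Returns (version_string, affected), or None if the binary is missing."""
    try:
        out = subprocess.run([binary, "version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.strip(), is_affected(out)


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real host.
    for sample in ("OpenSSL 1.0.2h  3 May 2016", "1.0.2i", "1.0.1t",
                   "1.0.1u", "OpenSSL 1.1.0  25 Aug 2016", "1.0.0t"):
        print("%-28s affected=%s" % (sample, is_affected(sample)))
    print("local build:", check_local_openssl())
```

Letter comparison is plain string ordering, which matches OpenSSL's single-letter patch scheme ("" < "h" < "i") and also handles the later two-letter 1.0.2 releases such as 1.0.2za, which sort after "i" and are correctly reported as not affected.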

Patches

Vulnerability Details (3)

GHSA: GHSA-g89j-86gv-84w2 (2022-05-13): The certificate parser in OpenSSL before 1...
OSV: CVE-2016-6306 (2016-09-26): The certificate parser in OpenSSL before 1...
CVEList: CVE-2016-6306 (2016-09-26): The certificate parser in OpenSSL before 1...

Vendor Advisories (5)

Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 (2016-09-27)
BSD: FreeBSD-SA-16:26.openssl: Multiple OpenSSL vulnerabilities (2016-09-23)
Ubuntu: OpenSSL vulnerabilities (2016-09-22)
Red Hat: openssl: certificate message OOB reads (2016-09-21)
Debian: CVE-2016-6306: openssl - The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might al... (2016)

Community (6)

HackerOne: Certificate message OOB reads (CVE-2016-6306) (2017-05-25)
Bugzilla: CVE-2016-6304 CVE-2016-6306 openssl: various flaws [fedora-all] (2016-09-22)
Bugzilla: CVE-2016-6304 CVE-2016-6306 openssl101e: various flaws [epel-5] (2016-09-22)
Bugzilla: CVE-2016-6304 CVE-2016-6306 mingw-openssl: various flaws [fedora-all] (2016-09-22)
Bugzilla: CVE-2016-6304 CVE-2016-6306 mingw-openssl: various flaws [epel-7] (2016-09-22)
Source: cvebase.io, CVE-2016-6306 (MEDIUM, CVSS 5.9)