CVE-2016-6307 — Uncontrolled Resource Consumption in Openssl

CWE-400 — Uncontrolled Resource Consumption CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-310 CWE-63514 documents10 sources

Severity

5.9MEDIUMNVD

EPSS

20.4%

top 4.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedSep 26

Latest updateDec 19

Description

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/openssl

▶NVDopenssl/openssl1.1.0

🔴Vulnerability Details

GHSA

GHSA-6486-qv2g-xg8h: The state-machine implementation in OpenSSL 1↗2022-05-14

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE X-200RNA Switch Devices↗2022-12-19

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗2016-09-27

▶

Red Hat

openssl: excessive allocation of memory in tls_get_message_header()↗2016-09-21

▶

Debian

CVE-2016-6307: openssl - The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory...↗2016

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗

▶

🕵️Threat Intelligence

Tenable

[R7] Nessus 6.9 Fixes Multiple Vulnerabilities↗2016-10-25

▶

Fortinet

Analysis of OpenSSL Large Message Size Handling Use After Free (CVE-2016-6309)↗2016-10-12

▶

💬Community

HackerOne

Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)↗2017-05-25

▶

HackerOne

Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)↗2017-05-25

▶

Bugzilla

CVE-2016-6309 openssl: Use After Free for large message sizes↗2016-09-26

▶

Bugzilla

CVE-2016-6308 openssl: excessive allocation of memory in dtls1_preprocess_fragment()↗2016-09-21

▶

Bugzilla

CVE-2016-6307 openssl: excessive allocation of memory in tls_get_message_header()↗2016-09-21

▶