CVE-2016-6308
Published: 2016-09-26
Priority: P432, medium, 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 14.07% (96.1th percentile)
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
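| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| vendor_debian | | 5.9 | LOW | |
| vendor_redhat | | 5.9 | MEDIUM | |
| vendor_cisco | | 5.5 | MEDIUM | |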
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco·2016-09-27·CVSS 5.5
CVE-2016-2177 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.”
Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.”
Of the 16 released vulnerabilities:
Fourteen track issues that could resu
Red Hat
openssl: excessive allocation of memory in dtls1_preprocess_fragment()
vendor_redhat·2016-09-21·CVSS 5.9
CVE-2016-6308 [MEDIUM] CWE-400 openssl: excessive allocation of memory in dtls1_preprocess_fragment()
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 7) - Not affected
Package: openssl (Red Hat JBoss
Debian
CVE-2016-6308: openssl - statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a a...
vendor_debian·2016·CVSS 5.9
CVE-2016-6308 [MEDIUM] CVE-2016-6308: openssl - statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a a...
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco
CVE-2016-6308 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
GHSA
GHSA-25v5-24mh-gcpq: statem/statem_dtls
ghsa_unreviewed·2022-05-14
CVE-2016-6308 [HIGH] GHSA-25v5-24mh-gcpq: statem/statem_dtls
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
No detection rules found.
No public exploits indexed.
HackerOne
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
hackerone·2017-05-25·CVSS 5.9
CVE-2016-6308 [MEDIUM] Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
This issue is very similar to CVE-2016-6307. The underlying defect is different
but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message.
This would allow for messages up to 16Mb in length. Messages of this length are
excessive and OpenSSL includes a check to ensure that a peer is sending
reasonably sized messages in order to avoid too much memory being consumed to
service a connection. A flaw in the logic of version 1.1.0 means that memory for
the message is allocated too early, prior to the excessive message length
check. Due to the way memory is allocated in OpenSSL this could mean an attacker
could force up to 21
Bugzilla
CVE-2016-6308 openssl: excessive allocation of memory in dtls1_preprocess_fragment()
bugzilla·2016-09-21·CVSS 5.9
CVE-2016-6308 [MEDIUM] CVE-2016-6308 openssl: excessive allocation of memory in dtls1_preprocess_fragment()
Quoting from the draft of the OpenSSL upstream advisory:
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different
but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message.
This would allow for messages up to 16Mb in length. Messages of this length are
excessive and OpenSSL includes a check to ensure that a peer is sending
reasonably sized messages in order to avoid too much memory being consumed to
service a connection. A flaw in the logic of version 1.1.0 means that memory for
the message
Tenable
[R7] Nessus 6.9 Fixes Multiple Vulnerabilities
blogs_tenable·2016-10-25
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/93151
http://www.securitytracker.com/id/1036885
https://bto.bluecoat.com/security-advisory/sa132
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21