CVE-2016-6309 — Use After Free in Openssl

CWE-416 — Use After Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-310 CWE-63513 documents10 sources

Severity

9.8CRITICALNVD

EPSS

28.2%

top 3.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedSep 26

Latest updateApr 25

Description

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/openssl

▶NVDopenssl/openssl1.1.0a

🔴Vulnerability Details

GHSA

GHSA-5qvw-r534-xcm4: statem/statem↗2022-05-14

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗2016-09-27

▶

Red Hat

openssl: Use After Free for large message sizes↗2016-09-26

▶

Debian

CVE-2016-6309: openssl - statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after ...↗2016

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016↗

▶

🕵️Threat Intelligence

Tenable

[R7] Nessus 6.9 Fixes Multiple Vulnerabilities↗2016-10-25

▶

Fortinet

Analysis of OpenSSL Large Message Size Handling Use After Free (CVE-2016-6309)↗2016-10-12

▶

Qualys

Problem with OpenSSL Patches of September 22, 2016 | Qualys↗2016-09-26

▶

Qualys

Problem with OpenSSL Patches of September 22, 2016 | Qualys↗2016-09-26

▶

📄Research Papers

arXiv

Automating Function-Level TARA for Automotive Full-Lifecycle Security↗2025-04-25

▶

💬Community

Bugzilla

CVE-2016-6309 openssl: Use After Free for large message sizes↗2016-09-26

▶

Bugzilla

CVE-2016-6307 openssl: excessive allocation of memory in tls_get_message_header()↗2016-09-21

▶