CVE-2016-8610
published 2017-11-13CVE-2016-8610: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Affected
73 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.0.2j-1 (bookworm) | openssl 1.0.2j-1 (bookworm) |
| fujitsu | m10-1_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-1_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| fujitsu | m10-4_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-4_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| fujitsu | m10-4s_firmware | < xcp2361 | xcp2361 |
| fujitsu | m10-4s_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| fujitsu | m12-1_firmware | < xcp2361 | xcp2361 |
| fujitsu | m12-1_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| fujitsu | m12-2_firmware | < xcp2361 | xcp2361 |
| fujitsu | m12-2_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| fujitsu | m12-2s_firmware | < xcp2361 | xcp2361 |
| fujitsu | m12-2s_firmware | >= xcp3000 < xcp3070 | xcp3070 |
| netapp | e-series_santricity_os_controller | 11.0 – 11.40 | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.0.2j-1 | 1.0.2j-1 |
| openssl | openssl | >= 0 < 1.0.2j-1 | 1.0.2j-1 |
| openssl | openssl | >= 0 < 1.0.2j-1 | 1.0.2j-1 |
| openssl | openssl | >= 0 < 1.0.2j-1 | 1.0.2j-1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv9.8CRITICAL