Lucene search
Alpine Linux Development TeamALPINE:CVE-2016-6304HistorySep 26, 2016 - 7:59 p.m.
CVE-2016-6304
2016-09-2619:59:00
Alpine Linux Development Team
security.alpinelinux.org
26
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.8
Confidence
High
EPSS
0.566
Percentile
97.7%
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.2-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.3-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.4-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.5-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.6-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.7-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
| Alpine | 3.8-main | noarch | openssl | < 1.0.2i-r0 | UNKNOWN |
Related
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K54211024)
2016-11-03 00:00:00
RHEL 6 : openssl (RHSA-2016:2802)
2016-11-17 00:00:00
Amazon Linux AMI : openssl (ALAS-2016-749)
2016-09-23 00:00:00
f5
f5
SOL54211024 - OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
K54211024 : OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2017-01-26 01:52:41
Denial Of Service (DoS)
2019-01-15 09:14:47
hackerone
hackerone
ubuntucve
ubuntucve
CVE-2016-6304
2016-09-22 00:00:00
redhat
redhat
(RHSA-2016:2802) Important: openssl security update
2016-11-17 12:52:35
(RHSA-2017:2494) Important: Red Hat JBoss Web Server 2 security update
2017-08-21 15:21:48
openvas
openvas
OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Windows
2016-09-26 00:00:00
OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Linux
2016-09-26 00:00:00
F5 BIG-IP - OpenSSL vulnerability CVE-2016-6304
2016-11-03 00:00:00
cvelist
cvelist
CVE-2016-6304
2016-09-26 00:00:00
cve
cve
CVE-2016-6304
2016-09-26 19:59:00
prion
prion
Design/Logic Flaw
2016-09-26 19:59:00
nvd
nvd
CVE-2016-6304
2016-09-26 19:59:00
zdt
zdt
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
2016-10-21 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)
2016-09-22 00:00:00
osv
osv
CVE-2016-6304
2016-09-26 19:59:00
openssl - regression update
2016-09-22 00:00:00
openssl - security update
2016-09-22 00:00:00
debiancve
debiancve
CVE-2016-6304
2016-09-26 19:59:00
openssl
openssl
Vulnerability in OpenSSL - OCSP Status Request extension unbounded memory growth
2016-09-22 00:00:00
threatpost
threatpost
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
Oracle Fixes 253 Vulnerabilities in Last CPU of 2016
2016-10-19 13:39:40
thn
thn
Critical DoS Flaw found in OpenSSL — How It Works
2016-09-23 01:10:00
amazon
amazon
Important: openssl
2016-09-22 16:00:00
ibm
ibm
suse
suse
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs (important)
2016-10-11 19:20:03
kaspersky
kaspersky
KLA10888 Multiple vulnerabilities in Oracle VM VirtualBox
2016-10-19 00:00:00
ics
ics
Advantech Spectre RT Industrial Routers
2021-02-23 12:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24
2016-09-28 01:57:16
cloudfoundry
cloudfoundry
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:26.openssl
2016-09-23 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-09-27 00:00:00
centos
centos
openssl security update
2016-09-28 14:48:04
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-09-22 00:00:00
OpenSSL regression
2016-09-23 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2016-10-12 01:12:20
archlinux
archlinux
[ASA-201609-24] lib32-openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-23] openssl: multiple issues
2016-09-26 00:00:00
debian
debian
[SECURITY] [DLA 637-1] openssl security update
2016-09-25 11:55:01
[SECURITY] [DSA 3673-1] openssl security update
2016-09-22 16:50:14
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-11-14 13:29:26
arista
arista
Security Advisory 0024
2016-10-04 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-09-22 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.8
Confidence
High
EPSS
0.566
Percentile
97.7%
Related for ALPINE:CVE-2016-6304