Lucene search
OpenSSLOPENSSL:CVE-2016-6306HistorySep 21, 2016 - 12:00 a.m.
Vulnerability in OpenSSL CVE-2016-6306
2016-09-2100:00:00
www.openssl.org
50
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.193
Percentile
96.3%
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
Related
hackerone
hackerone
Internet Bug Bounty: Certificate message OOB reads (CVE-2016-6306)
2017-04-18 07:39:52
redhatcve
redhatcve
CVE-2016-6306
2016-09-22 13:11:09
osv
osv
CVE-2016-6306
2016-09-26 19:59:00
openssl - security update
2016-09-22 00:00:00
openssl - regression update
2016-09-22 00:00:00
alpinelinux
alpinelinux
CVE-2016-6306
2016-09-26 19:59:02
f5
f5
SOL90492697 - OpenSSL vulnerability CVE-2016-6306
2016-10-24 00:00:00
K90492697 : OpenSSL vulnerability CVE-2016-6306
2016-10-24 00:00:00
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K90492697)
2017-03-02 00:00:00
RHEL 4 : openssl (Unpatched Vulnerability)
2024-05-11 00:00:00
Oracle Linux 5 : openssl (ELSA-2016-3627)
2016-10-17 00:00:00
prion
prion
Out-of-bounds
2016-09-26 19:59:00
nvd
nvd
CVE-2016-6306
2016-09-26 19:59:02
debiancve
debiancve
CVE-2016-6306
2016-09-26 19:59:02
ubuntucve
ubuntucve
CVE-2016-6306
2016-09-21 00:00:00
cvelist
cvelist
CVE-2016-6306
2016-09-26 00:00:00
cve
cve
CVE-2016-6306
2016-09-26 19:59:02
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-2177, CVE-2016-6306, CVE-2016-2183)
2020-07-24 22:19:08
oraclelinux
oraclelinux
openssl security update
2016-10-13 00:00:00
openssl security update
2016-09-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-2217)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2470-1)
2021-06-09 00:00:00
OpenSSL 1.0.2 and 1.0.1 Multiple Vulnerabilities (Sep 2016) - Windows
2016-09-26 00:00:00
suse
suse
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs (important)
2016-10-11 19:20:03
redhat
redhat
(RHSA-2018:2187) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-07-12 16:04:13
(RHSA-2018:2185) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
2018-07-12 16:04:06
(RHSA-2016:1940) Important: openssl security update
2016-09-27 11:50:45
amazon
amazon
Medium: openssl
2016-10-12 17:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24
2016-09-28 01:57:16
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:26.openssl
2016-09-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
centos
centos
openssl security update
2016-09-28 14:48:04
cloudfoundry
cloudfoundry
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
ubuntu
ubuntu
OpenSSL regression
2016-09-23 00:00:00
OpenSSL vulnerabilities
2016-09-22 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2016-10-12 01:12:20
archlinux
archlinux
[ASA-201609-24] lib32-openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-23] openssl: multiple issues
2016-09-26 00:00:00
debian
debian
[SECURITY] [DSA 3673-1] openssl security update
2016-09-22 16:50:14
[SECURITY] [DLA 637-1] openssl security update
2016-09-25 11:55:01
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-11-14 13:29:26
arista
arista
Security Advisory 0024
2016-10-04 00:00:00
fortinet
fortinet
OpenSSL Security Advisory [22 Sept 2016]
2017-04-03 00:00:00
slackware
slackware
[slackware-security] openssl
2016-09-22 18:53:12
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-12-07 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-09-22 00:00:00
symantec
symantec
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
2016-10-06 08:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.193
Percentile
96.3%
Related for OPENSSL:CVE-2016-6306