Lucene search
OpenSSLOPENSSL:CVE-2016-6309HistorySep 26, 2016 - 12:00 a.m.
Vulnerability in OpenSSL CVE-2016-6309
2016-09-2600:00:00
www.openssl.org
30
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.911
Percentile
98.9%
This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.
Related
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2j-alt1
2016-09-26 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2j-alt1
2016-09-26 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2j-alt1
2016-09-26 00:00:00
f5
f5
SOL42219132 - OpenSSL vulnerability CVE-2016-6309
2016-10-10 00:00:00
K42219132 : OpenSSL vulnerability CVE-2016-6309
2016-10-10 00:00:00
K09422508 : OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308
2016-10-19 00:00:00
malwarebytes
malwarebytes
Critical OpenSSL fix due Nov 1βwhat you need to know
2022-10-27 15:00:00
checkpoint_advisories
checkpoint_advisories
redhatcve
redhatcve
CVE-2016-6309
2016-09-26 10:42:01
CVE-2016-6307
2016-09-22 15:17:54
openssl
openssl
Vulnerability in OpenSSL CVE-2016-6307
2016-09-21 00:00:00
prion
prion
Design/Logic Flaw
2016-09-26 19:59:00
Design/Logic Flaw
2016-09-26 19:59:00
nessus
nessus
OpenSSL 1.1.0a < 1.1.0b Vulnerability
2016-09-28 00:00:00
FreeBSD : OpenSSL -- multiple vulnerabilities (91a337d8-83ed-11e6-bf52-b499baebfeaf)
2016-09-27 00:00:00
OpenSSL 1.1.0 < 1.1.0b Multiple Vulnerabilities
2016-10-06 00:00:00
cve
cve
CVE-2016-6307
2016-09-26 19:59:04
CVE-2016-6309
2016-09-26 19:59:06
ubuntucve
ubuntucve
CVE-2016-6309
2016-09-26 00:00:00
CVE-2016-6307
2016-09-26 00:00:00
cvelist
cvelist
CVE-2016-6309
2016-09-26 19:00:00
CVE-2016-6307
2016-09-26 00:00:00
nvd
nvd
CVE-2016-6309
2016-09-26 19:59:06
CVE-2016-6307
2016-09-26 19:59:04
openvas
openvas
OpenSSL 1.1.0a Use-After-Free Fix Vulnerability - Windows
2016-09-26 00:00:00
OpenSSL 1.1.0a Use-After-Free Fix Vulnerability - Linux
2016-09-26 00:00:00
OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux
2016-09-26 00:00:00
debiancve
debiancve
CVE-2016-6309
2016-09-26 19:59:06
CVE-2016-6307
2016-09-26 19:59:04
hackerone
hackerone
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-09-26 00:00:00
OpenSSL -- multiple vulnerabilities
2016-09-22 00:00:00
threatpost
threatpost
OpenSSL Fixes Critical Bug Introduced by Latest Update
2016-09-26 10:45:04
thn
thn
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
2022-11-01 16:26:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)
2022-02-22 19:27:34
symantec
symantec
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
2016-10-06 08:00:00
huawei
huawei
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
2017-03-22 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
2016-09-27 22:40:00
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2016-12-06 00:49:27
arista
arista
Security Advisory 0024
2016-10-04 00:00:00
fortinet
fortinet
OpenSSL Security Advisory [22 Sept 2016]
2017-04-03 00:00:00
slackware
slackware
[slackware-security] openssl
2016-09-22 18:53:12
nodejsblog
nodejsblog
Security updates for all active release lines, September 2016
2016-09-23 00:00:00
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2017
2017-01-17 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0.911
Percentile
98.9%
Related for OPENSSL:CVE-2016-6309