statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

References

bugzilla.redhat.com/show_bug.cgi?id=1378208

www.openssl.org/news/secadv/20160922.txt

ubuntucve 1

cvelist 1

openssl 1

prion 1

nvd 1

debiancve 1

cve 1

f5 3

hackerone 1

openvas 6

nessus 9

ibm 25

arista 1

fortinet 1

slackware 1

freebsd 1

symantec 1

huawei 1

cisco 1

nodejsblog 1

mageia 1

ics 1

oracle 6

ubuntucve

CVE-2016-6308

2016-09-26 00:00:00

cvelist

CVE-2016-6308

2016-09-26 00:00:00

openssl

Vulnerability in OpenSSL CVE-2016-6308

2016-09-21 00:00:00

prion

Code injection

2016-09-26 19:59:00

nvd

CVE-2016-6308

2016-09-26 19:59:05

debiancve

CVE-2016-6308

2016-09-26 19:59:05

cve

CVE-2016-6308

2016-09-26 19:59:05

K09422508 : OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308

2016-10-19 00:00:00

SOL09422508 - OpenSSL vulnerabilities CVE-2016-6302, CVE-2016-6307, and CVE-2016-6308

2016-10-19 00:00:00

SOL22071504 - September 2016 OpenSSL security vulnerability announcement

2016-09-22 00:00:00

hackerone

Internet Bug Bounty: Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

2017-04-18 07:42:44

openvas

OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux

2016-09-26 00:00:00

OpenSSL SSL_peek hang on empty record DoS Vulnerability - Windows

2016-09-26 00:00:00

Slackware: Security Advisory (SSA:2016-266-01)

2022-04-21 00:00:00

nessus

OpenSSL < 1.1.0a Multiple Vulnerabilities

2016-10-06 00:00:00

OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities

2016-09-30 00:00:00

Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2016-266-01)

2016-09-23 00:00:00

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Service Delivery Manager

2018-06-17 22:33:19

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )

2018-06-16 21:49:05

Security Bulletin: Multiple Vulnerabilities in Glibc, GNU C and OpenSSL affect IBM Netezza Firmware Diagnostics

2019-10-18 03:10:29

arista

Security Advisory 0024

2016-10-04 00:00:00

fortinet

OpenSSL Security Advisory [22 Sept 2016]

2017-04-03 00:00:00

slackware

[slackware-security] openssl

2016-09-22 18:53:12

freebsd

OpenSSL -- multiple vulnerabilities

2016-09-22 00:00:00

symantec

SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016

2016-10-06 08:00:00

huawei

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

2017-03-22 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

2016-09-27 22:40:00

nodejsblog

Security updates for all active release lines, September 2016

2016-09-23 00:00:00

mageia

Updated virtualbox packages fixes security vulnerabilities

2016-12-06 00:49:27

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

oracle

Oracle Critical Patch Update - April 2018

2018-04-17 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Oracle Critical Patch Update Advisory - January 2017

2017-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.624

Percentile

97.8%

JSON

Related for RH:CVE-2016-6308