statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

References

bugzilla.redhat.com/show_bug.cgi?id=1379302

www.openssl.org/news/secadv/20160926.txt

altlinux 4

f5 2

malwarebytes 1

checkpoint_advisories 1

prion 1

nessus 7

cvelist 1

ubuntucve 1

openvas 5

cve 1

debiancve 1

nvd 1

openssl 1

freebsd 1

thn 1

ibm 20

symantec 1

huawei 1

cisco 1

mageia 1

oracle 5

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2j-alt1

2016-09-26 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.2j-alt1

2016-09-26 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.2j-alt1

2016-09-26 00:00:00

SOL42219132 - OpenSSL vulnerability CVE-2016-6309

2016-10-10 00:00:00

K42219132 : OpenSSL vulnerability CVE-2016-6309

2016-10-10 00:00:00

malwarebytes

Critical OpenSSL fix due Nov 1—what you need to know

2022-10-27 15:00:00

checkpoint_advisories

OpenSSL tls_get_message_body Function init_msg Structure Use After Free (CVE-2016-6309)

2016-12-06 00:00:00

prion

Design/Logic Flaw

2016-09-26 19:59:00

nessus

OpenSSL 1.1.0a < 1.1.0b Vulnerability

2016-09-28 00:00:00

FreeBSD : OpenSSL -- multiple vulnerabilities (91a337d8-83ed-11e6-bf52-b499baebfeaf)

2016-09-27 00:00:00

OpenSSL 1.1.0 < 1.1.0b Multiple Vulnerabilities

2016-10-06 00:00:00

cvelist

CVE-2016-6309

2016-09-26 19:00:00

ubuntucve

CVE-2016-6309

2016-09-26 00:00:00

openvas

OpenSSL 1.1.0a Use-After-Free Fix Vulnerability - Windows

2016-09-26 00:00:00

OpenSSL 1.1.0a Use-After-Free Fix Vulnerability - Linux

2016-09-26 00:00:00

Juniper Networks Junos OS Multiple OpenSSL Vulnerabilities

2016-10-14 00:00:00

cve

CVE-2016-6309

2016-09-26 19:59:06

debiancve

CVE-2016-6309

2016-09-26 19:59:06

nvd

CVE-2016-6309

2016-09-26 19:59:06

openssl

Vulnerability in OpenSSL CVE-2016-6309

2016-09-26 00:00:00

freebsd

OpenSSL -- multiple vulnerabilities

2016-09-26 00:00:00

thn

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

2022-11-01 16:26:00

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )

2018-06-16 21:49:05

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )

2018-06-16 21:49:05

Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager VMware (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306)

2018-06-17 15:37:48

symantec

SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016

2016-10-06 08:00:00

huawei

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

2017-03-22 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

2016-09-27 22:40:00

mageia

Updated virtualbox packages fixes security vulnerabilities

2016-12-06 00:49:27

oracle

Oracle Critical Patch Update - April 2018

2018-04-17 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Oracle Critical Patch Update Advisory - January 2017

2017-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.911

Percentile

98.9%

JSON

Related for RH:CVE-2016-6309