Veracode Vulnerability DatabaseVERACODE:3433Denial Of Service (DoS)
0.683 Medium
EPSS
Percentile
98.0%
OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can cause a memory leak by seeking to connect to the system with an invalid username. By opening multiple invalid connections this way, the malicious user can cause the system to run out of memory.
References
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
openssl.org/news/secadv/20160301.txt
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
www.debian.org/security/2016/dsa-3500
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/83705
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1035133
www.ubuntu.com/usn/USN-2914-1
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=259b664f950c2ba66fbf4b0fe5281327904ead21
git.openssl.org/?p=openssl.git;a=commit;h=259b664f950c2ba66fbf4b0fe5281327904ead21
github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.207/OpenSSL.podspec#L14
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
security.gentoo.org/glsa/201603-15
www.openssl.org/news/secadv/20160301.txt
Related
