Main Vulnerability Database SB2016091928

SB2016091928 - Solaris vulnerabilities in openssl (Alpine package)

Published: September 19, 2016 Updated: March 6, 2023

Security Bulletin ID SB2016091928

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2016-2181)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Anti-Replay feature in the DTLS implementation when using a new epoch number in conjunction with a large sequence number. A remote attacker can perform a denial of service (DoS) attack (false-positive packet drops) via spoofed DTLS records.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3a3ffbd8e2b0a4b3e1b8fcf62f913a691bb4dae4
https://git.alpinelinux.org/aports/commit/?id=a879e6eaf315a19b45fd424f12f9bf072b168946
https://git.alpinelinux.org/aports/commit/?id=346532027d2b8b8d5cac13a2b7d86820dfaf34b7
https://git.alpinelinux.org/aports/commit/?id=6ea715958d6486933e7cc3ca163e3d0691c9629d
https://git.alpinelinux.org/aports/commit/?id=70b8770d37d514044077c7258c0e6e81aeeee5fe