ID:1054 - Exploit for Heap overflow in OpenSSL - CVE-2016-7054

 
Published: March 18, 2020


Vulnerability identifier: #VU5892
Vulnerability risk: Medium
CVE-ID: CVE-2016-7054
CWE-ID: CWE-122
Exploitation vector: Remote access
Vulnerable software:
OpenSSL

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing *-CHACHA20-POLY1305 TLS ciphersuites (ChaCha20/Poly1305) in OpenSSL. A remote attacker can send large payloads to an affected service, triggering a heap overflow.

Successful exploitation of the vulnerability may result in denial of service (DoS) conditions.




Remediation

OpenSSL 1.1.0 users should upgrade to 1.1.0c.

This issue does not affect OpenSSL versions prior to 1.1.0.
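
For triage against the range given above, the following added example (not part of the original advisory or of OpenSSL) classifies `openssl version` banners, ordering OpenSSL's letter-suffixed releases correctly. The sample banners are constructed, and treating pre-release and non-OpenSSL builds as "unknown" is an assumption of this example.

```python
import re

# Range as stated in the advisory: 1.1.0 is affected, 1.1.0c has the fix,
# and releases before 1.1.0 are not affected.
FIRST_AFFECTED = "1.1.0"
FIXED_IN = "1.1.0c"

# major.minor.fix, optional patch letters, optional pre-release/dev marker.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:pre\d+|dev))?")


def version_key(version):
    """Return a sortable key for a release version, or None if undecidable."""
    m = _VERSION.match(version)
    if m is None or m.group(5):
        return None  # unparseable, or a pre-release the advisory does not cover
    letters = m.group(4)
    # Patch letters sort a < b < ... < z < za, so compare length before text.
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), len(letters), letters)


def classify(banner):
    """Classify one `openssl version` banner against CVE-2016-7054."""
    parts = banner.split()
    if len(parts) < 2 or parts[0] != "OpenSSL":
        return "unknown"  # e.g. another TLS library; assumption of this example
    key = version_key(parts[1])
    if key is None:
        return "unknown"
    if version_key(FIRST_AFFECTED) <= key < version_key(FIXED_IN):
        return "affected"
    return "not affected"


# Constructed sample banners, as an inventory script might collect them.
SAMPLE_BANNERS = [
    "OpenSSL 1.0.2k  26 Jan 2017",
    "OpenSSL 1.1.0  25 Aug 2016",
    "OpenSSL 1.1.0b  26 Sep 2016",
    "OpenSSL 1.1.0c  10 Nov 2016",
    "OpenSSL 1.1.0-pre5 (beta) 19 Apr 2016",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{classify(banner):13s} {banner}")
```

A distribution package can carry a backported fix without changing this version string, so an "affected" result should be confirmed against the vendor's package changelog.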