Denial of service in OpenSSL - CVE-2016-6305
Published: September 23, 2016
Vulnerability identifier: #VU645
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6305
CWE-ID: CWE-371
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OpenSSL Software Foundation
Affected software:
OpenSSL
OpenSSL
Detailed vulnerability description
The vulnerability allows a remote authenticated user to trigger denial of service on the target system.
The weakness exists due to state error. By sendidng specially crafted files attackers can cause a flaw in SSL_peek() that may lead to the affected service hanging.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
The weakness exists due to state error. By sendidng specially crafted files attackers can cause a flaw in SSL_peek() that may lead to the affected service hanging.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
How to mitigate CVE-2016-6305
Update to 1.1.0a.