Denial of service in OpenSSL and Oracle VM VirtualBox - CVE-2016-6307
Published: October 10, 2016 / Updated: January 5, 2017
Vulnerability identifier: #VU817
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6307
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OpenSSL Software Foundation
Oracle
Oracle
Affected software:
OpenSSL
Oracle VM VirtualBox
OpenSSL
Oracle VM VirtualBox
Detailed vulnerability description
The vulnerability allows a remore unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability allows a malicious user to cause the vulnerably system deny.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability allows a malicious user to cause the vulnerably system deny.
How to mitigate CVE-2016-6307
Update 1.1.0 to 1.1.0a.