Denial of service in OpenSSL - CVE-2016-6304
Published: October 10, 2016
Vulnerability identifier: #VU819
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6304
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: OpenSSL Software Foundation
Affected software:
OpenSSL
OpenSSL
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service
Successful exploitation of the vulnerability allows a malicious user to trigger the vulnerable service to deny.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service
Successful exploitation of the vulnerability allows a malicious user to trigger the vulnerable service to deny.
How to mitigate CVE-2016-6304
Update 1.1.0 to version 1.1.0a.
Update 1.0.2 to version 1.0.2i.
Update 1.0.1 to version 1.0.1u.
Update 1.0.2 to version 1.0.2i.
Update 1.0.1 to version 1.0.1u.