#VU661 Use after free error in OpenSSL and Oracle VM VirtualBox - CVE-2016-6309

 


Published: September 26, 2016 / Updated: January 5, 2017


Vulnerability identifier: #VU661
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6309
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OpenSSL
Oracle VM VirtualBox
Software vendor:
OpenSSL Software Foundation
Oracle

Description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to an incorrect implementation of the patch for CVE-2016-6307. A remote attacker can send a specially crafted message larger than 16 kilobytes, which causes the buffer intended to store the message to be reallocated, and then use the dangling pointer into the old buffer to control execution flow.

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on the target system.
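The pointer-across-reallocation pattern described above, as an added illustration that is not OpenSSL's code: a constructed message buffer starts at 16 KB and is grown when a larger message arrives, a body pointer taken before the grow is left dangling, and the hardened variant keeps an offset and recomputes the pointer only after the buffer has reached its final size. The struct, function names and the 4-byte header are assumptions of this model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INIT_BUF_LEN 16384   /* 16 KB initial buffer, the threshold named in the advisory */
#define HDR_LEN 4            /* constructed: size of the already-received message header */

/* Constructed, simplified message buffer; not OpenSSL's own types. */
struct msg_buf { unsigned char *data; size_t len; size_t cap; };

/* Grow like a clear-realloc: fresh block, copy, wipe and free the old block.
 * The old block is always released, so raw pointers into it dangle. */
static int buf_grow(struct msg_buf *b, size_t need) {
    if (need <= b->cap) return 1;
    unsigned char *n = calloc(need, 1);
    if (n == NULL) return 0;
    memcpy(n, b->data, b->len);
    memset(b->data, 0, b->cap);
    free(b->data);
    b->data = n; b->cap = need;
    return 1;
}

/* Vulnerable pattern: a raw body pointer is taken, then the buffer is grown for a
 * message larger than it. Returns 1 if that pointer is now dangling, else 0. */
int handle_message_vulnerable(size_t body_len) {
    struct msg_buf b = { calloc(INIT_BUF_LEN, 1), HDR_LEN, INIT_BUF_LEN };
    if (b.data == NULL) return -1;
    uintptr_t body = (uintptr_t)(b.data + HDR_LEN);  /* retained across the grow */
    if (!buf_grow(&b, HDR_LEN + body_len)) { free(b.data); return -1; }
    int dangling = body != (uintptr_t)(b.data + HDR_LEN);
    free(b.data);
    return dangling;
}

/* Hardened pattern: keep an offset and derive the body pointer from the current
 * base only after the grow. Returns 1 when the body round-trips through a live pointer. */
int handle_message_fixed(size_t body_len) {
    struct msg_buf b = { calloc(INIT_BUF_LEN, 1), HDR_LEN, INIT_BUF_LEN };
    if (b.data == NULL) return -1;
    size_t body_off = HDR_LEN;                       /* offset survives reallocation */
    if (!buf_grow(&b, HDR_LEN + body_len)) { free(b.data); return -1; }
    unsigned char *body = b.data + body_off;         /* recomputed from the new base */
    memset(body, 0xAB, body_len);
    b.len = HDR_LEN + body_len;
    int ok = body_len == 0 || (body[0] == 0xAB && body[body_len - 1] == 0xAB);
    free(b.data);
    return ok;
}
```

A message that fits in the initial buffer never triggers the grow, which is why the defect only surfaces for messages larger than 16 KB.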


Remediation

Update to version 1.1.0b.

External links