#VU818 Denial of service in OpenSSL and Oracle VM VirtualBox - CVE-2016-6308
Published: October 10, 2016 / Updated: January 5, 2017
Vulnerability identifier: #VU818
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6308
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OpenSSL
Oracle VM VirtualBox
OpenSSL
Oracle VM VirtualBox
Software vendor:
OpenSSL Software Foundation
Oracle
OpenSSL Software Foundation
Oracle
Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability will allow a malicious user to trigger the vulnerable service to deny.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service.
Successful exploitation of the vulnerability will allow a malicious user to trigger the vulnerable service to deny.
Remediation
Update 1.1.0 to version 1.1.0a.