CVE-2016-6307 - OpenCVE

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/93152
http://www.securitytracker.com/id/1036885
https://bto.bluecoat.com/security-advisory/sa132
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650
https://www.openssl.org/news/secadv/20160922.txt	Vendor Advisory
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-26T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6307

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-26T19:59:04.033

Modified: 2023-11-07T02:33:57.377

Link: CVE-2016-6307

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2016-6307", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2022-12-13T00:00:00", "dateReserved": "2016-07-26T00:00:00", "datePublished": "2016-09-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.openssl.org/news/secadv/20160922.txt"}, {"url": "https://www.tenable.com/security/tns-2016-20"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"name": "1036885", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1036885"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"url": "https://www.tenable.com/security/tns-2016-16"}, {"url": "https://www.tenable.com/security/tns-2016-21"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"url": "https://bto.bluecoat.com/security-advisory/sa132"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"name": "93152", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/93152"}, {"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2016-09-22T00:00:00"}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c."}, {"lang": "es", "value": "La implementaci\u00f3n de m\u00e1quina de estados en OpenSSL 1.1.0 en versiones anteriores a 1.1.0a asigna memoria antes de comprobar un exceso de longitud, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de mensajes TLS manipulados, relacionado con statem/statem.c y statem/statem_lib.c."}], "id": "CVE-2016-6307", "lastModified": "2023-11-07T02:33:57.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-26T19:59:04.033", "references": [{"source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"}, {"source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/93152"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1036885"}, {"source": "secalert@redhat.com", "url": "https://bto.bluecoat.com/security-advisory/sa132"}, {"source": "secalert@redhat.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}, {"source": "secalert@redhat.com", "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=4b390b6c3f8df925dc92a3dd6b022baa9a2f4650"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20160922.txt"}, {"source": "secalert@redhat.com", "url": "https://www.tenable.com/security/tns-2016-16"}, {"source": "secalert@redhat.com", "url": "https://www.tenable.com/security/tns-2016-20"}, {"source": "secalert@redhat.com", "url": "https://www.tenable.com/security/tns-2016-21"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}