// For flags

CVE-2016-6304

openssl: OCSP Status Request extension unbounded memory growth

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Múltiples fugas de memoria en t1_lib.c en OpenSSL en versiones anteriores a 1.0.1u, 1.0.2 en versiones anteriores a 1.0.2i y 1.1.0 en versiones anteriores a 1.1.0a permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de grandes extensiones OCSP Status Request

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

Double-free and invalid-free vulnerabilities in x509 parsing were found in the latest OpenSSL (1.1.0b).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-07-26 CVE Reserved
  • 2016-09-22 CVE Published
  • 2024-05-03 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (64)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html Third Party Advisory
http://seclists.org/fulldisclosure/2016/Dec/47 Mailing List
http://seclists.org/fulldisclosure/2016/Oct/62 Mailing List
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory
http://www.securityfocus.com/bid/93150 Third Party Advisory
http://www.securitytracker.com/id/1036878 Third Party Advisory
http://www.securitytracker.com/id/1037640 Third Party Advisory
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10171 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory
https://www.tenable.com/security/tns-2016-16 Third Party Advisory
https://www.tenable.com/security/tns-2016-20 Third Party Advisory
https://www.tenable.com/security/tns-2016-21 Third Party Advisory
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-1940.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2802.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-1415.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-1659.html 2023-11-07
http://www.debian.org/security/2016/dsa-3673 2023-11-07
http://www.ubuntu.com/usn/USN-3087-1 2023-11-07
http://www.ubuntu.com/usn/USN-3087-2 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1413 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1414 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1658 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1801 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1802 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2493 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2494 2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc 2023-11-07
https://security.gentoo.org/glsa/201612-16 2023-11-07
https://www.openssl.org/news/secadv/20160922.txt 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-6304 2017-08-21
https://bugzilla.redhat.com/show_bug.cgi?id=1377600 2017-08-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2a
Search vendor "Openssl" for product "Openssl" and version "1.0.2a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2d
Search vendor "Openssl" for product "Openssl" and version "1.0.2d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2e
Search vendor "Openssl" for product "Openssl" and version "1.0.2e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2f
Search vendor "Openssl" for product "Openssl" and version "1.0.2f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.2h
Search vendor "Openssl" for product "Openssl" and version "1.0.2h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.1.0
Search vendor "Openssl" for product "Openssl" and version "1.1.0"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta1
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta2
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
beta3
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1j
Search vendor "Openssl" for product "Openssl" and version "1.0.1j"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1k
Search vendor "Openssl" for product "Openssl" and version "1.0.1k"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1l
Search vendor "Openssl" for product "Openssl" and version "1.0.1l"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1m
Search vendor "Openssl" for product "Openssl" and version "1.0.1m"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1n
Search vendor "Openssl" for product "Openssl" and version "1.0.1n"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1o
Search vendor "Openssl" for product "Openssl" and version "1.0.1o"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1p
Search vendor "Openssl" for product "Openssl" and version "1.0.1p"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1q
Search vendor "Openssl" for product "Openssl" and version "1.0.1q"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1r
Search vendor "Openssl" for product "Openssl" and version "1.0.1r"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1s
Search vendor "Openssl" for product "Openssl" and version "1.0.1s"
-
Affected
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
1.0.1t
Search vendor "Openssl" for product "Openssl" and version "1.0.1t"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 0.10.0 < 0.10.47
Search vendor "Nodejs" for product "Node.js" and version " >= 0.10.0 < 0.10.47"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 0.12.0 < 0.12.16
Search vendor "Nodejs" for product "Node.js" and version " >= 0.12.0 < 0.12.16"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 4.0.0 < 4.6.0
Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 < 4.6.0"
-
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 6.0.0 < 6.7.0
Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 < 6.7.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Module For Web Scripting
Search vendor "Novell" for product "Suse Linux Enterprise Module For Web Scripting"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Module For Web Scripting" and version "12.0"
-
Affected