CVE-2016-6304

openssl: OCSP Status Request extension unbounded memory growth

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Múltiples fugas de memoria en t1_lib.c en OpenSSL en versiones anteriores a 1.0.1u, 1.0.2 en versiones anteriores a 1.0.2i y 1.1.0 en versiones anteriores a 1.1.0a permiten a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de grandes extensiones OCSP Status Request

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

Double-free and invalid-free vulnerabilities in x509 parsing were found in the latest OpenSSL (1.1.0b).

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-07-26 CVE Reserved
2016-09-22 CVE Published
2024-05-03 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (64)

URL	Tag	Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Third Party Advisory
http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html	Third Party Advisory
http://seclists.org/fulldisclosure/2016/Dec/47	Mailing List
http://seclists.org/fulldisclosure/2016/Oct/62	Mailing List
http://seclists.org/fulldisclosure/2017/Jul/31	Mailing List
http://www-01.ibm.com/support/docview.wss?uid=swg21995039	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	Third Party Advisory
http://www.securityfocus.com/bid/93150	Third Party Advisory
http://www.securitytracker.com/id/1036878	Third Party Advisory
http://www.securitytracker.com/id/1037640	Third Party Advisory
http://www.splunk.com/view/SP-CAAAPSV	Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUE	Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10171	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215	Third Party Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24	Third Party Advisory
https://www.tenable.com/security/tns-2016-16	Third Party Advisory
https://www.tenable.com/security/tns-2016-20	Third Party Advisory
https://www.tenable.com/security/tns-2016-21	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-1940.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2802.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-1415.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-1659.html	2023-11-07
http://www.debian.org/security/2016/dsa-3673	2023-11-07
http://www.ubuntu.com/usn/USN-3087-1	2023-11-07
http://www.ubuntu.com/usn/USN-3087-2	2023-11-07
https://access.redhat.com/errata/RHSA-2017:1413	2023-11-07
https://access.redhat.com/errata/RHSA-2017:1414	2023-11-07
https://access.redhat.com/errata/RHSA-2017:1658	2023-11-07
https://access.redhat.com/errata/RHSA-2017:1801	2023-11-07
https://access.redhat.com/errata/RHSA-2017:1802	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2493	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2494	2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	2023-11-07
https://security.gentoo.org/glsa/201612-16	2023-11-07
https://www.openssl.org/news/secadv/20160922.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2016-6304	2017-08-21
https://bugzilla.redhat.com/show_bug.cgi?id=1377600	2017-08-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2a Search vendor "Openssl" for product "Openssl" and version "1.0.2a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2b Search vendor "Openssl" for product "Openssl" and version "1.0.2b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2c Search vendor "Openssl" for product "Openssl" and version "1.0.2c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2d Search vendor "Openssl" for product "Openssl" and version "1.0.2d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2e Search vendor "Openssl" for product "Openssl" and version "1.0.2e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2f Search vendor "Openssl" for product "Openssl" and version "1.0.2f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2h Search vendor "Openssl" for product "Openssl" and version "1.0.2h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0 Search vendor "Openssl" for product "Openssl" and version "1.1.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1i Search vendor "Openssl" for product "Openssl" and version "1.0.1i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1j Search vendor "Openssl" for product "Openssl" and version "1.0.1j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1k Search vendor "Openssl" for product "Openssl" and version "1.0.1k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1l Search vendor "Openssl" for product "Openssl" and version "1.0.1l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1m Search vendor "Openssl" for product "Openssl" and version "1.0.1m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1n Search vendor "Openssl" for product "Openssl" and version "1.0.1n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1o Search vendor "Openssl" for product "Openssl" and version "1.0.1o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1p Search vendor "Openssl" for product "Openssl" and version "1.0.1p"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1q Search vendor "Openssl" for product "Openssl" and version "1.0.1q"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1r Search vendor "Openssl" for product "Openssl" and version "1.0.1r"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1s Search vendor "Openssl" for product "Openssl" and version "1.0.1s"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1t Search vendor "Openssl" for product "Openssl" and version "1.0.1t"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 0.10.0 < 0.10.47 Search vendor "Nodejs" for product "Node.js" and version " >= 0.10.0 < 0.10.47"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 0.12.0 < 0.12.16 Search vendor "Nodejs" for product "Node.js" and version " >= 0.12.0 < 0.12.16"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 4.0.0 < 4.6.0 Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 < 4.6.0"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 6.0.0 < 6.7.0 Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 < 6.7.0"		-		Affected
Novell Search vendor "Novell"		Suse Linux Enterprise Module For Web Scripting Search vendor "Novell" for product "Suse Linux Enterprise Module For Web Scripting"				12.0 Search vendor "Novell" for product "Suse Linux Enterprise Module For Web Scripting" and version "12.0"		-		Affected