CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Published at
2016-09-26T19:59Z
2778 days ago
Modified
2022-12-13T12:15Z
509 days ago
CWE-401
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Severity Score Vector
7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
GET https://vulnerabilitydata.com/api/details/CVE-2016-6304
{
"id": "CVE-2016-6304",
"published_date": "2016-09-26T19:59Z",
"last_modified_date": "2022-12-13T12:15Z",
"assigner": "secalert@redhat.com",
"description": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
"references": [
{
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137",
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://www.openssl.org/news/secadv/20160922.txt",
"name": "https://www.openssl.org/news/secadv/20160922.txt",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
"name": "SUSE-SU-2016:2470",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/93150",
"name": "93150",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.splunk.com/view/SP-CAAAPUE",
"name": "http://www.splunk.com/view/SP-CAAAPUE",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.splunk.com/view/SP-CAAAPSV",
"name": "http://www.splunk.com/view/SP-CAAAPSV",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/201612-16",
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa132",
"name": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html",
"name": "RHSA-2016:2802",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenable.com/security/tns-2016-16",
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securitytracker.com/id/1037640",
"name": "1037640",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1036878",
"name": "1036878",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.tenable.com/security/tns-2016-21",
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.tenable.com/security/tns-2016-20",
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc",
"name": "FreeBSD-SA-16:26",
"refsource": "FREEBSD",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2494",
"name": "RHSA-2017:2494",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:2493",
"name": "RHSA-2017:2493",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1802",
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1801",
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1658",
"name": "RHSA-2017:1658",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1414",
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2017:1413",
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
"name": "RHSA-2017:1659",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html",
"name": "RHSA-2016:1940",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html",
"name": "openSUSE-SU-2016:2788",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html",
"name": "openSUSE-SU-2016:2769",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html",
"name": "SUSE-SU-2016:2458",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2016/dsa-3673",
"name": "DSA-3673",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html",
"name": "SUSE-SU-2016:2394",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html",
"name": "SUSE-SU-2017:2699",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html",
"name": "openSUSE-SU-2016:2537",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2016/Oct/62",
"name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html",
"name": "SUSE-SU-2016:2469",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html",
"name": "openSUSE-SU-2018:0458",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-3087-2",
"name": "USN-3087-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html",
"name": "openSUSE-SU-2016:2391",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2016/Dec/47",
"name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html",
"name": "SUSE-SU-2016:2468",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-3087-1",
"name": "USN-3087-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html",
"name": "openSUSE-SU-2016:2407",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html",
"name": "SUSE-SU-2017:2700",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2017/Jul/31",
"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html",
"name": "openSUSE-SU-2016:2496",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html",
"name": "SUSE-SU-2016:2387",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html",
"name": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"refsource": "CONFIRM",
"tags": []
}
],
"impact": {
"baseMetricV3": {
"cvssV3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8
},
"severity": "HIGH",
"exploitabilityScore": 10,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"problem_type": "CWE-401"
}