CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Published at
2016-09-26T19:59Z
2778 days ago
Modified
2022-12-13T12:15Z
509 days ago
CWE-401
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Severity Score Vector
7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
GET https://vulnerabilitydata.com/api/details/CVE-2016-6304
{ "id": "CVE-2016-6304", "published_date": "2016-09-26T19:59Z", "last_modified_date": "2022-12-13T12:15Z", "assigner": "secalert@redhat.com", "description": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.", "references": [ { "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137", "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Vendor Advisory" ] }, { "url": "https://www.openssl.org/news/secadv/20160922.txt", "name": "https://www.openssl.org/news/secadv/20160922.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", "name": "SUSE-SU-2016:2470", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/93150", "name": "93150", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.splunk.com/view/SP-CAAAPUE", "name": "http://www.splunk.com/view/SP-CAAAPUE", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.splunk.com/view/SP-CAAAPSV", "name": "http://www.splunk.com/view/SP-CAAAPSV", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201612-16", "name": "GLSA-201612-16", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://bto.bluecoat.com/security-advisory/sa132", "name": "https://bto.bluecoat.com/security-advisory/sa132", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html", "name": "RHSA-2016:2802", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.tenable.com/security/tns-2016-16", "name": "https://www.tenable.com/security/tns-2016-16", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securitytracker.com/id/1037640", "name": "1037640", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1036878", "name": "1036878", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.tenable.com/security/tns-2016-21", "name": "https://www.tenable.com/security/tns-2016-21", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.tenable.com/security/tns-2016-20", "name": "https://www.tenable.com/security/tns-2016-20", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", "name": "FreeBSD-SA-16:26", "refsource": "FREEBSD", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2494", "name": "RHSA-2017:2494", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2493", "name": "RHSA-2017:2493", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:1802", "name": "RHSA-2017:1802", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:1801", "name": "RHSA-2017:1801", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:1658", "name": "RHSA-2017:1658", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:1414", "name": "RHSA-2017:1414", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:1413", "name": "RHSA-2017:1413", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html", "name": "RHSA-2017:1659", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html", "name": "RHSA-2017:1415", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html", "name": "RHSA-2016:1940", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html", "name": "openSUSE-SU-2016:2788", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html", "name": "openSUSE-SU-2016:2769", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", "name": "SUSE-SU-2016:2458", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2016/dsa-3673", "name": "DSA-3673", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", "name": "SUSE-SU-2016:2394", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "name": "SUSE-SU-2017:2699", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", "name": "openSUSE-SU-2016:2537", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", "refsource": "MISC", "tags": [ "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2016/Oct/62", "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", "name": "SUSE-SU-2016:2469", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", "name": "openSUSE-SU-2018:0458", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-3087-2", "name": "USN-3087-2", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", "name": "openSUSE-SU-2016:2391", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2016/Dec/47", "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", "name": "SUSE-SU-2016:2468", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-3087-1", "name": "USN-3087-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", "name": "openSUSE-SU-2016:2407", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", "name": "SUSE-SU-2017:2700", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2017/Jul/31", "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", "name": "openSUSE-SU-2016:2496", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", "name": "SUSE-SU-2016:2387", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", "name": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", "refsource": "MISC", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "refsource": "CONFIRM", "tags": [] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "severity": "HIGH", "exploitabilityScore": 10, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-401" }