CVE-2016-7054
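In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Because the affected range ends before 1.1.0c, upgrading to 1.1.0c or later removes the exposure; the vendor advisory listed under References is tagged as carrying the patch.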
Published at
2017-05-04T19:29Z
2558 days ago
Modified
2017-09-03T01:29Z
2437 days ago
CWE-284
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Severity | Score | Vector |
---|---|---|
High | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
URL | Type |
---|---|
www.openssl.org https://www.openssl.org/news/secadv/20161110.txt | CONFIRM |
94238 http://www.securityfocus.com/bid/94238 | BID |
h20566.www2.hpe.com https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us | CONFIRM |
1037261 http://www.securitytracker.com/id/1037261 | SECTRACK |
40899 https://www.exploit-db.com/exploits/40899/ | EXPLOIT-DB |
GET https://vulnerabilitydata.com/api/details/CVE-2016-7054
{ "id": "CVE-2016-7054", "published_date": "2017-05-04T19:29Z", "last_modified_date": "2017-09-03T01:29Z", "assigner": "openssl-security@openssl.org", "description": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.", "references": [ { "url": "https://www.openssl.org/news/secadv/20161110.txt", "name": "https://www.openssl.org/news/secadv/20161110.txt", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/94238", "name": "94238", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", "refsource": "CONFIRM", "tags": [] }, { "url": "http://www.securitytracker.com/id/1037261", "name": "1037261", "refsource": "SECTRACK", "tags": [] }, { "url": "https://www.exploit-db.com/exploits/40899/", "name": "40899", "refsource": "EXPLOIT-DB", "tags": [] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5 }, "severity": "MEDIUM", 
"exploitabilityScore": 10, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-284" }