Vulnerability Details: CVE-2016-6305
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-6305
Probability of exploitation activity in the next 30 days: 57.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
CVSS scores for CVE-2016-6305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2016-6305
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6305
- https://security.gentoo.org/glsa/201612-16
  OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security
- https://github.com/openssl/openssl/issues/1563
  OpenSSL 1.1.0 hangs (CPU pegged) when SSL_peek is used with TLSv1 · Issue #1563 · openssl/openssl · GitHub (tags: Exploit; Issue Tracking)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
  Oracle Critical Patch Update - April 2018
- https://www.tenable.com/security/tns-2016-20
  [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable®
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  Oracle Critical Patch Update - January 2018
- https://www.tenable.com/security/tns-2016-21
  [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable®
- https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9
  git.openssl.org Git - openssl.git/commit (tags: Issue Tracking)
- http://www.securitytracker.com/id/1036879
  OpenSSL SSL_peek() Bug Lets Remote Authenticated Users Cause the Target Service to Hang - SecurityTracker
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
  Oracle Critical Patch Update - October 2017
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
  IBM notice: The page you requested cannot be displayed
- http://www.securityfocus.com/bid/93149
  OpenSSL CVE-2016-6305 Denial of Service Vulnerability
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  Oracle Critical Patch Update - October 2016
- https://www.tenable.com/security/tns-2016-16
  [R7] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
- https://bto.bluecoat.com/security-advisory/sa132
  SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
  Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  Oracle Critical Patch Update - July 2017
- https://www.openssl.org/news/secadv/20160922.txt
  (tags: Vendor Advisory)
Products affected by CVE-2016-6305
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*