Open mend-bolt-for-github[bot] opened 1 year ago
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: 324810317981b91bee177f96efc4d7b59e34525c
Found in base branch: master
/ssl/t1_lib.c
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Publish Date: 2016-09-26
URL: CVE-2016-6304
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
Release Date: 2016-09-26
Fix Resolution: 1.0.1u,1.0.2i,1.1.0a
Step up your Open Source Security Game with Mend here
CVE-2016-6304 - High Severity Vulnerability
Vulnerable Library - opensslOpenSSL_1_0_2
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: 324810317981b91bee177f96efc4d7b59e34525c
Found in base branch: master
Vulnerable Source Files (1)
/ssl/t1_lib.c
Vulnerability Details
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Publish Date: 2016-09-26
URL: CVE-2016-6304
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
Release Date: 2016-09-26
Fix Resolution: 1.0.1u,1.0.2i,1.1.0a
Step up your Open Source Security Game with Mend here