#VU820 Denial of service in OpenSSL - CVE-2016-6305 

 


Published: October 10, 2016 / Updated: April 17, 2018


Vulnerability identifier: #VU820
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6305
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OpenSSL
Software vendor:
OpenSSL Software Foundation

Description

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is due to a flaw in the handling of the SSL/TLS protocol during a call to SSL_peek(). By sending an empty record, an attacker can cause the affected service to hang or deny service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Remediation

Update OpenSSL 1.1.0 to version 1.1.0a.
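To apply this remediation across a fleet, the following added example (not part of the original advisory) classifies OpenSSL builds from either `openssl version` banner text or a pre-3.0 `OPENSSL_VERSION_NUMBER`. The host names and banners are constructed, the function names are hypothetical, and marking pre-release 1.1.0 builds as "review" is an assumption, since the advisory does not mention them.

```python
import re

# Per the advisory: 1.1.0 needs the update, 1.1.0a carries the fix.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?")

def parse_banner(text):
    """Parse `openssl version` output into (major, minor, fix, letter, suffix)."""
    m = _BANNER.search(text)
    if not m:
        return None
    major, minor, fix, letter, suffix = m.groups()
    return int(major), int(minor), int(fix), letter, suffix or ""

def parse_version_number(num):
    """Decode a pre-3.0 OPENSSL_VERSION_NUMBER, laid out as 0xMNNFFPPS."""
    major, minor = (num >> 28) & 0xF, (num >> 20) & 0xFF
    fix, patch, status = (num >> 12) & 0xFF, (num >> 4) & 0xFF, num & 0xF
    # patch 1 -> "a", 2 -> "b", ...; only emptiness matters for classify()
    letter = chr(ord("a") + min(patch, 26) - 1) if patch else ""
    suffix = "" if status == 0xF else "-pre"  # 0xF marks a release build
    return major, minor, fix, letter, suffix

def classify(ver):
    """Map a parsed version onto the advisory's remediation."""
    if ver is None:
        return "unparsed"
    major, minor, fix, letter, suffix = ver
    if (major, minor, fix) != (1, 1, 0):
        return "not-covered"       # advisory names only the 1.1.0 line
    if suffix.startswith("-pre"):
        return "review"            # assumption: pre-releases not addressed
    return "fixed" if letter else "update-to-1.1.0a"

def triage(inventory):
    """Classify every (host, banner) pair in an inventory."""
    return {host: classify(parse_banner(banner)) for host, banner in inventory}

# Constructed inventory for illustration only.
SAMPLE = [
    ("web01", "OpenSSL 1.1.0  25 Aug 2016"),
    ("web02", "OpenSSL 1.1.0a  22 Sep 2016"),
    ("lab03", "OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016"),
    ("db04", "OpenSSL 1.0.2h  3 May 2016"),
    ("old05", "LibreSSL 2.4.2"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

For a Python service, `classify(parse_version_number(ssl.OPENSSL_VERSION_NUMBER))` checks the library the interpreter is actually linked against, provided it predates OpenSSL 3.0.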

External links