7.5

CVE-2016-6305

Exploit
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.tenable.com/security/tns-2016-20
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://security.gentoo.org/glsa/201612-16
https://bto.bluecoat.com/security-advisory/sa132
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-21
https://www.openssl.org/news/secadv/20160922.txt
Vendor Advisory
http://www.securityfocus.com/bid/93149
http://www.securitytracker.com/id/1036879
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9
https://github.com/openssl/openssl/issues/1563
Exploit
Issue Tracking