Denial of Service : OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.107051
Categoría:	Denial of Service
Título:	OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Windows
Resumen:	OpenSSL is prone to a Denial of Service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a Denial of Service (DoS) vulnerability. Vulnerability Insight: OpenSSL suffers from the possibility of DoS attack through sending a large OCSP Status Request extensions which lead to unbounded memory growth on the server which in turn lead to denial of service. Vulnerability Impact: Successful exploitation could result in service crash. Affected Software/OS: OpenSSL 1.1.0 and previous versions. Solution: OpenSSL 1.1.0 users should upgrade to 1.1.0a. OpenSSL 1.0.2 users should upgrade to 1.0.2i. OpenSSL 1.0.1 users should upgrade to 1.0.1u. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6304 BugTraq ID: 93150 http://www.securityfocus.com/bid/93150 Debian Security Information: DSA-3673 (Google Search) http://www.debian.org/security/2016/dsa-3673 FreeBSD Security Advisory: FreeBSD-SA-16:26 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc http://seclists.org/fulldisclosure/2016/Oct/62 http://seclists.org/fulldisclosure/2016/Dec/47 http://seclists.org/fulldisclosure/2017/Jul/31 https://security.gentoo.org/glsa/201612-16 http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 RedHat Security Advisories: RHSA-2016:1940 http://rhn.redhat.com/errata/RHSA-2016-1940.html RedHat Security Advisories: RHSA-2016:2802 http://rhn.redhat.com/errata/RHSA-2016-2802.html RedHat Security Advisories: RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413 RedHat Security Advisories: RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414 RedHat Security Advisories: RHSA-2017:1415 http://rhn.redhat.com/errata/RHSA-2017-1415.html RedHat Security Advisories: RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658 RedHat Security Advisories: RHSA-2017:1659 http://rhn.redhat.com/errata/RHSA-2017-1659.html RedHat Security Advisories: RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RedHat Security Advisories: RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RedHat Security Advisories: RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RedHat Security Advisories: RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 http://www.securitytracker.com/id/1036878 http://www.securitytracker.com/id/1037640 SuSE Security Announcement: SUSE-SU-2016:2387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html SuSE Security Announcement: SUSE-SU-2016:2394 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html SuSE Security Announcement: SUSE-SU-2016:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html SuSE Security Announcement: SUSE-SU-2016:2469 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html SuSE Security Announcement: SUSE-SU-2017:2699 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html SuSE Security Announcement: SUSE-SU-2017:2700 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:2391 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html SuSE Security Announcement: openSUSE-SU-2016:2407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:2496 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:2537 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:2769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:2788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html SuSE Security Announcement: openSUSE-SU-2018:0458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html http://www.ubuntu.com/usn/USN-3087-1 http://www.ubuntu.com/usn/USN-3087-2
Copyright	Copyright (C) 2016 Greenbone AG