Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Denial of Service
Title:OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability (Windows)
Summary:OpenSSL is prone to a Denial of Service (DoS) vulnerability.
OpenSSL is prone to a Denial of Service (DoS) vulnerability.

Vulnerability Insight:
OpenSSL suffers from the possibility of DoS attack through sending a large OCSP
Status Request extensions which lead to unbounded memory growth on the server which in turn lead to denial of service.

Vulnerability Impact:
Successful exploitation could result in service crash.

Affected Software/OS:
OpenSSL 1.1.0 and previous versions.

OpenSSL 1.1.0 users should upgrade to 1.1.0a. OpenSSL 1.0.2 users should upgrade to 1.0.2i.
OpenSSL 1.0.1 users should upgrade to 1.0.1u.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-6304
BugTraq ID: 93150
FreeBSD Security Advisory: FreeBSD-SA-16:26
RedHat Security Advisories: RHSA-2016:1940
RedHat Security Advisories: RHSA-2016:2802
RedHat Security Advisories: RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
RedHat Security Advisories: RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
RedHat Security Advisories: RHSA-2017:1801
RedHat Security Advisories: RHSA-2017:1802
RedHat Security Advisories: RHSA-2017:2493
RedHat Security Advisories: RHSA-2017:2494
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.