Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before
1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of
service (memory consumption) via large OCSP Status Request extensions.

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN
ubuntu18.04noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN
ubuntu18.10noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN
ubuntu19.04noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN
ubuntu12.04noarchopenssl< 1.0.1-4ubuntu5.37UNKNOWN
ubuntu14.04noarchopenssl< 1.0.1f-1ubuntu2.20UNKNOWN
ubuntu16.04noarchopenssl< 1.0.2g-1ubuntu4.4UNKNOWN
ubuntu16.10noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN
ubuntu17.04noarchopenssl< 1.0.2g-1ubuntu9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN
ubuntu	18.04	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN
ubuntu	18.10	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN
ubuntu	19.04	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN
ubuntu	12.04	noarch	openssl	< 1.0.1-4ubuntu5.37	UNKNOWN
ubuntu	14.04	noarch	openssl	< 1.0.1f-1ubuntu2.20	UNKNOWN
ubuntu	16.04	noarch	openssl	< 1.0.2g-1ubuntu4.4	UNKNOWN
ubuntu	16.10	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN
ubuntu	17.04	noarch	openssl	< 1.0.2g-1ubuntu9	UNKNOWN

References

security.360.cn/cve/CVE-2016-6304/

launchpad.net/bugs/cve/CVE-2016-6304

nvd.nist.gov/vuln/detail/CVE-2016-6304

security-tracker.debian.org/tracker/CVE-2016-6304

ubuntu.com/security/notices/USN-3087-1

www.cve.org/CVERecord?id=CVE-2016-6304

www.openssl.org/news/secadv/20160922.txt

prion 1

openvas 36

zdt 1

f5 3

redhat 11

nessus 46

hackerone 1

cvelist 1

cve 1

veracode 2

alpinelinux 1

checkpoint_advisories 1

osv 2

debiancve 1

openssl 1

thn 1

amazon 1

threatpost 2

ibm 58

suse 1

kaspersky 1

ics 1

oraclelinux 1

altlinux 5

centos 1

fedora 3

freebsd_advisory 1

cloudfoundry 1

archlinux 2

mageia 1

ubuntu 1

debian 1

aix 1

arista 1

gentoo 1

fortinet 1

slackware 1

freebsd 1

symantec 1

huawei 1

prion

Design/Logic Flaw

2016-09-26 19:59:00

openvas

OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Linux

2016-09-26 00:00:00

OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Windows

2016-09-26 00:00:00

F5 BIG-IP - OpenSSL vulnerability CVE-2016-6304

2016-11-03 00:00:00

zdt

OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability

2016-10-21 00:00:00

K54211024 : OpenSSL vulnerability CVE-2016-6304

2016-11-02 00:00:00

SOL54211024 - OpenSSL vulnerability CVE-2016-6304

2016-11-02 00:00:00

SOL22071504 - September 2016 OpenSSL security vulnerability announcement

2016-09-22 00:00:00

redhat

(RHSA-2016:2802) Important: openssl security update

2016-11-17 12:52:35

(RHSA-2017:1659) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update

2017-06-28 19:59:12

(RHSA-2017:2493) Important: Red Hat JBoss Web Server 2 security update

2017-08-21 15:21:19

nessus

F5 Networks BIG-IP : OpenSSL vulnerability (K54211024)

2016-11-03 00:00:00

RHEL 6 : openssl (RHSA-2016:2802)

2016-11-17 00:00:00

Amazon Linux AMI : openssl (ALAS-2016-749)

2016-09-23 00:00:00

hackerone

Internet Bug Bounty: OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

2017-03-29 01:24:57

cvelist

CVE-2016-6304

2016-09-26 00:00:00

cve

CVE-2016-6304

2016-09-26 19:59:00

veracode

Denial Of Service (DoS)

2017-01-26 01:52:41

Denial Of Service (DoS)

2019-01-15 09:14:47

alpinelinux

CVE-2016-6304

2016-09-26 19:59:00

checkpoint_advisories

OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)

2016-09-22 00:00:00

osv

CVE-2016-6304

2016-09-26 19:59:00

openssl - regression update

2016-09-22 00:00:00

debiancve

CVE-2016-6304

2016-09-26 19:59:00

openssl

Vulnerability in OpenSSL CVE-2016-6304

2016-09-22 00:00:00

thn

Critical DoS Flaw found in OpenSSL — How It Works

2016-09-23 01:10:00

amazon

Important: openssl

2016-09-22 16:00:00

threatpost

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

2016-09-23 15:47:13

Oracle Fixes 253 Vulnerabilities in Last CPU of 2016

2016-10-19 13:39:40

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor (CVE-2016-6304, CVE-2016-2177)

2018-06-17 12:17:29

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator

2020-02-05 00:53:36

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )

2018-06-16 21:49:05

suse

Security update for nodejs4 (important)

2016-11-01 16:19:35

kaspersky

KLA10888 Multiple vulnerabilities in Oracle VM VirtualBox

2016-10-19 00:00:00

ics

Advantech Spectre RT Industrial Routers

2021-02-23 12:00:00

oraclelinux

openssl security update

2016-09-27 00:00:00

altlinux

Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2i-alt1

2016-09-22 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.2i-alt1

2016-09-22 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2i-alt1

2016-09-22 00:00:00

centos

openssl security update

2016-09-28 14:48:04

fedora

[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25

2016-10-09 03:28:42

[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23

2016-10-11 23:24:05

[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24

2016-09-28 01:57:16

freebsd_advisory

FreeBSD-SA-16:26.openssl

2016-09-23 00:00:00

cloudfoundry

USN-3087-2 OpenSSL Regression | Cloud Foundry

2016-09-28 00:00:00

archlinux

[ASA-201609-24] lib32-openssl: multiple issues

2016-09-26 00:00:00

[ASA-201609-23] openssl: multiple issues

2016-09-26 00:00:00

mageia

Updated openssl packages fix security vulnerabilities

2016-10-12 01:12:20

ubuntu

OpenSSL regression

2016-09-23 00:00:00

debian

[SECURITY] [DSA 3673-1] openssl security update

2016-09-22 16:50:14

aix

Vulnerabilities in OpenSSL affect AIX

2016-11-14 13:29:26

arista

Security Advisory 0024

2016-10-04 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2016-12-07 00:00:00

fortinet

OpenSSL Security Advisory [22 Sept 2016]

2017-04-03 00:00:00

slackware

[slackware-security] openssl

2016-09-22 18:53:12

freebsd

OpenSSL -- multiple vulnerabilities

2016-09-22 00:00:00

symantec

SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016

2016-10-06 08:00:00

huawei

Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products

2017-03-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.566 Medium

EPSS

Percentile

97.7%

JSON

Related for UB:CVE-2016-6304