Vulnerability & Exploit Database

Back to search

OpenSSL Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)

Severity CVSS Published Added Modified
7 (AV:N/AC:M/Au:N/C:N/I:N/A:C) September 23, 2016 September 23, 2016 October 30, 2017

Description

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

http-openssl-1_1_0-upgrade-1_1_0_a

Related Vulnerabilities