CVE-2016-2181

Source
Severity Low
Remote Yes
Type Denial of service
Description
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
Group Package Affected Fixed Severity Status Ticket
AVG-30 lib32-openssl 1:1.0.2.h-1 1:1.0.2.i-1 High Fixed
AVG-29 openssl 1.0.2.h-1 1.0.2.i-1 High Fixed FS#49616
Date Advisory Group Package Severity Description
26 Sep 2016 ASA-201609-24 AVG-30 lib32-openssl High multiple issues
26 Sep 2016 ASA-201609-23 AVG-29 openssl High multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt