CVE-2016-6302

Source
Severity Low
Remote Yes
Type Denial of service
Description
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
Group Package Affected Fixed Severity Status Ticket
AVG-30 lib32-openssl 1:1.0.2.h-1 1:1.0.2.i-1 High Fixed
AVG-29 openssl 1.0.2.h-1 1.0.2.i-1 High Fixed FS#49616
Date Advisory Group Package Severity Description
26 Sep 2016 ASA-201609-24 AVG-30 lib32-openssl High multiple issues
26 Sep 2016 ASA-201609-23 AVG-29 openssl High multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt