CVE-2016-6304 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Denial of service |
| Description | A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-30 | lib32-openssl | 1:1.0.2.h-1 | 1:1.0.2.i-1 | High | Fixed | |
| AVG-29 | openssl | 1.0.2.h-1 | 1.0.2.i-1 | High | Fixed | FS#49616 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |
| References |
|---|
https://www.openssl.org/news/secadv/20160922.txt |