---

CVE-2016-6304 - log back

CVE-2016-6304 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Denial of service
Description	+ A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
References	+ https://www.openssl.org/news/secadv/20160922.txt
Notes