CVE-2016-6306

Source
Severity Low
Remote Yes
Type Denial of service
Description
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
Group Package Affected Fixed Severity Status Ticket
AVG-30 lib32-openssl 1:1.0.2.h-1 1:1.0.2.i-1 High Fixed
AVG-29 openssl 1.0.2.h-1 1.0.2.i-1 High Fixed FS#49616
Date Advisory Group Package Severity Description
26 Sep 2016 ASA-201609-24 AVG-30 lib32-openssl High multiple issues
26 Sep 2016 ASA-201609-23 AVG-29 openssl High multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt