CVE-2016-6306 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Denial of service |
| Description | In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-30 | lib32-openssl | 1:1.0.2.h-1 | 1:1.0.2.i-1 | High | Fixed | |
| AVG-29 | openssl | 1.0.2.h-1 | 1.0.2.i-1 | High | Fixed | FS#49616 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |
| References |
|---|
https://www.openssl.org/news/secadv/20160922.txt |