---

CVE-2016-6306 - log back

CVE-2016-6306 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Denial of service
Description	+ In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. + The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
References	+ https://www.openssl.org/news/secadv/20160922.txt
Notes