Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-8610

Опубликовано: 13 нояб. 2017
Источник: debian
EPSS Средний

Описание

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
opensslfixed1.0.2j-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2016/10/24/3

  • Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401

  • https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls

  • https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e

EPSS

Процентиль: 99%
0.69235
Средний

Связанные уязвимости

ubuntu логотип

CVE-2016-8610

CVSS3: 7.5
ubuntu
больше 7 лет назад

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

redhat логотип

CVE-2016-8610

CVSS3: 7.5
redhat
больше 8 лет назад

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

nvd логотип

CVE-2016-8610

CVSS3: 7.5
nvd
больше 7 лет назад

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

suse-cvrf логотип

SUSE-SU-2018:3994-1

suse-cvrf
больше 6 лет назад

Security update for compat-openssl097g

github логотип

GHSA-v2q2-jxh8-m5h8

CVSS3: 7.5
github
около 3 лет назад

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

EPSS

Процентиль: 99%
0.69235
Средний