exploitDog

CVE-2016-2179

Published: 30 Jun 2016
Source: redhat
CVSS3: 5.3
CVSS2: 5
EPSS: Medium

Description

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Will not fix | | |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | | |
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | | |
| Red Hat JBoss Core Services | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 2 | openssl | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 3 | openssl | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2016:1940 | 27.09.2016 |

Additional information

Status: Moderate
Defect: CWE-772
https://bugzilla.redhat.com/show_bug.cgi?id=1369504 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer

EPSS

Percentile: 95%
Score: 0.18403
Level: Medium

CVSS3: 5.3 Medium
CVSS2: 5 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 9 years ago

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVSS3: 7.5
nvd
almost 9 years ago

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVSS3: 7.5
debian
almost 9 years ago

The DTLS implementation in OpenSSL before 1.1.0 does not properly rest ...

CVSS3: 7.5
github
about 3 years ago

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVSS3: 7.5
fstec
almost 9 years ago

A vulnerability in the DTLS protocol implementation of the OpenSSL library that allows an attacker to cause a denial of service
