Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2181

Опубликовано: 05 июл. 2016
Источник: redhat
CVSS3: 5.9
CVSS2: 4.3
EPSS Средний

Описание

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslWill not fix
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat Enterprise Linux 7openssl098eWill not fix
Red Hat JBoss Core ServicesopensslNot affected
Red Hat JBoss Enterprise Application Platform 6opensslNot affected
Red Hat JBoss Enterprise Web Server 1opensslWill not fix
Red Hat JBoss Enterprise Web Server 2opensslWill not fix
Red Hat JBoss Enterprise Web Server 3opensslNot affected
Red Hat Enterprise Linux 6opensslFixedRHSA-2016:194027.09.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1369113openssl: DTLS replay protection bypass allows DoS against DTLS connection

EPSS

Процентиль: 96%
0.23026
Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2181

CVSS3: 7.5
ubuntu
почти 9 лет назад

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

nvd логотип

CVE-2016-2181

CVSS3: 7.5
nvd
почти 9 лет назад

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

debian логотип

CVE-2016-2181

CVSS3: 7.5
debian
почти 9 лет назад

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1 ...

github логотип

GHSA-mpfh-46p6-w5g3

CVSS3: 7.5
github
около 3 лет назад

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

fstec логотип

BDU:2016-02168

fstec
почти 9 лет назад

Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 96%
0.23026
Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2