
CVE-2016-2181

Published: 05 Jul 2016
Source: redhat
CVSS3: 5.9
CVSS2: 4.3
EPSS: Low

Description

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL reject further packets sent from a DTLS client over an established DTLS connection.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | openssl | Will not fix | | |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | | |
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | | |
| Red Hat JBoss Core Services | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 2 | openssl | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 3 | openssl | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2016:1940 | 27.09.2016 |


Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1369113
openssl: DTLS replay protection bypass allows DoS against DTLS connection

EPSS

Percentile: 92%
0.0819
Low

CVSS3: 5.9 Medium

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 9 years ago

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CVSS3: 7.5
nvd
about 9 years ago

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CVSS3: 7.5
debian
about 9 years ago

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1 ...

CVSS3: 7.5
github
more than 3 years ago

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

fstec
about 9 years ago

OpenSSL library vulnerability that allows an attacker to cause a denial of service
