github - ghsa-7c6f-r892-6p89

ghsa-7c6f-r892-6p89

Vulnerability from github

Published

2022-05-13 01:05

Modified

2022-05-13 01:05

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2016-6304",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-401",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2016-09-26T19:59:00Z",
      severity: "HIGH",
   },
   details: "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
   id: "GHSA-7c6f-r892-6p89",
   modified: "2022-05-13T01:05:08Z",
   published: "2022-05-13T01:05:08Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6304",
      },
      {
         type: "WEB",
         url: "https://www.tenable.com/security/tns-2016-21",
      },
      {
         type: "WEB",
         url: "https://www.tenable.com/security/tns-2016-20",
      },
      {
         type: "WEB",
         url: "https://www.tenable.com/security/tns-2016-16",
      },
      {
         type: "WEB",
         url: "https://www.openssl.org/news/secadv/20160922.txt",
      },
      {
         type: "WEB",
         url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
      },
      {
         type: "WEB",
         url: "https://security.gentoo.org/glsa/201612-16",
      },
      {
         type: "WEB",
         url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc",
      },
      {
         type: "WEB",
         url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases",
      },
      {
         type: "WEB",
         url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
      },
      {
         type: "WEB",
         url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
      },
      {
         type: "WEB",
         url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
      },
      {
         type: "WEB",
         url: "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137",
      },
      {
         type: "WEB",
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         type: "WEB",
         url: "https://bto.bluecoat.com/security-advisory/sa132",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:2494",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:2493",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:1802",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:1801",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:1658",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:1414",
      },
      {
         type: "WEB",
         url: "https://access.redhat.com/errata/RHSA-2017:1413",
      },
      {
         type: "WEB",
         url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html",
      },
      {
         type: "WEB",
         url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html",
      },
      {
         type: "WEB",
         url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html",
      },
      {
         type: "WEB",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html",
      },
      {
         type: "WEB",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html",
      },
      {
         type: "WEB",
         url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
      },
      {
         type: "WEB",
         url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2016/Dec/47",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2016/Oct/62",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2017/Jul/31",
      },
      {
         type: "WEB",
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
      },
      {
         type: "WEB",
         url: "http://www.debian.org/security/2016/dsa-3673",
      },
      {
         type: "WEB",
         url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
      },
      {
         type: "WEB",
         url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/93150",
      },
      {
         type: "WEB",
         url: "http://www.securitytracker.com/id/1036878",
      },
      {
         type: "WEB",
         url: "http://www.securitytracker.com/id/1037640",
      },
      {
         type: "WEB",
         url: "http://www.splunk.com/view/SP-CAAAPSV",
      },
      {
         type: "WEB",
         url: "http://www.splunk.com/view/SP-CAAAPUE",
      },
      {
         type: "WEB",
         url: "http://www.ubuntu.com/usn/USN-3087-1",
      },
      {
         type: "WEB",
         url: "http://www.ubuntu.com/usn/USN-3087-2",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
         type: "CVSS_V3",
      },
   ],
}

cve-2016-6304

Vulnerability from cvelistv5

Published

2016-09-26 00:00

Modified

2024-08-06 01:29

Severity ?

Summary

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20160922.txt
	https://www.tenable.com/security/tns-2016-20
	http://www.splunk.com/view/SP-CAAAPUE
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-1940.html	vendor-advisory
	http://www.securityfocus.com/bid/93150	vdb-entry
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
	http://rhn.redhat.com/errata/RHSA-2016-2802.html	vendor-advisory
	https://security.gentoo.org/glsa/201612-16	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory
	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
	http://www.securitytracker.com/id/1036878	vdb-entry
	http://www.splunk.com/view/SP-CAAAPSV
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=swg21995039
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
	https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	https://www.tenable.com/security/tns-2016-16
	https://access.redhat.com/errata/RHSA-2017:2494	vendor-advisory
	http://www.securitytracker.com/id/1037640	vdb-entry
	https://www.tenable.com/security/tns-2016-21
	https://kc.mcafee.com/corporate/index?page=content&id=SB10171
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
	https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
	https://bto.bluecoat.com/security-advisory/sa132
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
	https://access.redhat.com/errata/RHSA-2017:2493	vendor-advisory
	https://kc.mcafee.com/corporate/index?page=content&id=SB10215
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
	http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Oct/62	mailing-list
	http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
	http://seclists.org/fulldisclosure/2016/Dec/47	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
	http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
	http://www.debian.org/security/2016/dsa-3673	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
	http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
	https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:29:18.286Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20160922.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-20",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.splunk.com/view/SP-CAAAPUE",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "RHSA-2017:1659",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
               },
               {
                  name: "RHSA-2017:1658",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1658",
               },
               {
                  name: "RHSA-2016:1940",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html",
               },
               {
                  name: "93150",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93150",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "RHSA-2016:2802",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html",
               },
               {
                  name: "GLSA-201612-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-16",
               },
               {
                  name: "RHSA-2017:1801",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1801",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
               },
               {
                  name: "1036878",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036878",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.splunk.com/view/SP-CAAAPSV",
               },
               {
                  name: "RHSA-2017:1413",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1413",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-16",
               },
               {
                  name: "RHSA-2017:2494",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2494",
               },
               {
                  name: "1037640",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037640",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2016-21",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "RHSA-2017:1414",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1414",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa132",
               },
               {
                  name: "RHSA-2017:1415",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "FreeBSD-SA-16:26",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc",
               },
               {
                  name: "SUSE-SU-2016:2470",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
               },
               {
                  name: "RHSA-2017:1802",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1802",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
               },
               {
                  name: "RHSA-2017:2493",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2493",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
               },
               {
                  name: "SUSE-SU-2017:2700",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html",
               },
               {
                  name: "USN-3087-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3087-1",
               },
               {
                  name: "SUSE-SU-2016:2469",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html",
               },
               {
                  name: "openSUSE-SU-2016:2537",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html",
               },
               {
                  name: "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2016/Oct/62",
               },
               {
                  name: "USN-3087-2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3087-2",
               },
               {
                  name: "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2016/Dec/47",
               },
               {
                  name: "SUSE-SU-2017:2699",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html",
               },
               {
                  name: "openSUSE-SU-2016:2407",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html",
               },
               {
                  name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2017/Jul/31",
               },
               {
                  name: "SUSE-SU-2016:2458",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html",
               },
               {
                  name: "DSA-3673",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3673",
               },
               {
                  name: "openSUSE-SU-2016:2391",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html",
               },
               {
                  name: "openSUSE-SU-2018:0458",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html",
               },
               {
                  name: "SUSE-SU-2016:2387",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html",
               },
               {
                  name: "openSUSE-SU-2016:2788",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html",
               },
               {
                  name: "SUSE-SU-2016:2468",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2016:2769",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html",
               },
               {
                  name: "openSUSE-SU-2016:2496",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html",
               },
               {
                  name: "SUSE-SU-2016:2394",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-09-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://www.openssl.org/news/secadv/20160922.txt",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-20",
            },
            {
               url: "http://www.splunk.com/view/SP-CAAAPUE",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "RHSA-2017:1659",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html",
            },
            {
               name: "RHSA-2017:1658",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1658",
            },
            {
               name: "RHSA-2016:1940",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html",
            },
            {
               name: "93150",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/93150",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "RHSA-2016:2802",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2802.html",
            },
            {
               name: "GLSA-201612-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201612-16",
            },
            {
               name: "RHSA-2017:1801",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1801",
            },
            {
               url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
            },
            {
               name: "1036878",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1036878",
            },
            {
               url: "http://www.splunk.com/view/SP-CAAAPSV",
            },
            {
               name: "RHSA-2017:1413",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1413",
            },
            {
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-16",
            },
            {
               name: "RHSA-2017:2494",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2494",
            },
            {
               name: "1037640",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1037640",
            },
            {
               url: "https://www.tenable.com/security/tns-2016-21",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "RHSA-2017:1414",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1414",
            },
            {
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
            },
            {
               url: "https://bto.bluecoat.com/security-advisory/sa132",
            },
            {
               name: "RHSA-2017:1415",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "FreeBSD-SA-16:26",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc",
            },
            {
               name: "SUSE-SU-2016:2470",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
            },
            {
               name: "RHSA-2017:1802",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1802",
            },
            {
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
            },
            {
               name: "RHSA-2017:2493",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2493",
            },
            {
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
            },
            {
               name: "SUSE-SU-2017:2700",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html",
            },
            {
               name: "USN-3087-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-3087-1",
            },
            {
               name: "SUSE-SU-2016:2469",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html",
            },
            {
               name: "openSUSE-SU-2016:2537",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html",
            },
            {
               name: "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2016/Oct/62",
            },
            {
               name: "USN-3087-2",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.ubuntu.com/usn/USN-3087-2",
            },
            {
               name: "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2016/Dec/47",
            },
            {
               name: "SUSE-SU-2017:2699",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html",
            },
            {
               name: "openSUSE-SU-2016:2407",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html",
            },
            {
               name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2017/Jul/31",
            },
            {
               name: "SUSE-SU-2016:2458",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html",
            },
            {
               name: "DSA-3673",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://www.debian.org/security/2016/dsa-3673",
            },
            {
               name: "openSUSE-SU-2016:2391",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html",
            },
            {
               name: "openSUSE-SU-2018:0458",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html",
            },
            {
               url: "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html",
            },
            {
               name: "SUSE-SU-2016:2387",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html",
            },
            {
               name: "openSUSE-SU-2016:2788",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html",
            },
            {
               name: "SUSE-SU-2016:2468",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html",
            },
            {
               name: "openSUSE-SU-2016:2769",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html",
            },
            {
               name: "openSUSE-SU-2016:2496",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html",
            },
            {
               name: "SUSE-SU-2016:2394",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html",
            },
            {
               url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
            },
            {
               url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-6304",
      datePublished: "2016-09-26T00:00:00",
      dateReserved: "2016-07-26T00:00:00",
      dateUpdated: "2024-08-06T01:29:18.286Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted