CVE-2016-6305 in OpenSSLinfo

Summary

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/26/2016

Disclosure

09/26/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92200	OpenSSL rec_layer_s3.c ssl3_read_bytes input validation	20	Not defined	Official fix	CVE-2016-6305
91898	OpenSSL Empty Record SSL_peek Hang denial of service	404	Not defined	Official fix	CVE-2016-6305

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!