
CVE-2016-6305

Published: 26 September 2016

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: openssl (Launchpad, Ubuntu, Debian)

Release     Status
precise     Not vulnerable
trusty      Not vulnerable
upstream    Needs triage
xenial      Not vulnerable

Package: openssl098 (Launchpad, Ubuntu, Debian)

Release     Status
precise     Not vulnerable
trusty      Does not exist (trusty was not-affected)
upstream    Needs triage
xenial      Does not exist