CVE-2016-6307

Published: 26 September 2016

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

openssl098
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)