Vulnerability Details : CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2016-6309
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6309
- 91.51%: Probability of exploitation activity in the next 30 days
- ~99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6309
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-6309
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6309
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
  HPESBHF03856 rev.1 - Comware v7 and Intelligent Management Center Products, Remote Denial of Service
- http://www.securitytracker.com/id/1036885
  OpenSSL Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
  Oracle Critical Patch Update - April 2018
- https://www.tenable.com/security/tns-2016-20
  [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable®
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  Oracle Critical Patch Update - January 2018
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
  IBM notice: The page you requested cannot be displayed
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  Oracle Critical Patch Update - October 2016
- https://www.openssl.org/news/secadv/20160926.txt
  Vendor Advisory
- https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb
  git.openssl.org Git - openssl.git/commit (Issue Tracking)
- https://www.tenable.com/security/tns-2016-16
  [R7] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
- https://bto.bluecoat.com/security-advisory/sa132
  SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
- http://www.securityfocus.com/bid/93177
  OpenSSL CVE-2016-6309 Remote Code Execution Vulnerability
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
  Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  Oracle Critical Patch Update - July 2017