English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2016-6302

Low
Low Medium High Critical
CVSS Score
Published: Sep 16, 2016
Last Modified: Apr 12, 2025
CWE: CWE-20

Vulnerability Description

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Known Affected Software

34 configuration(s) from 2 vendor(s)

openssl
Version:
1.0.1d
CPE:
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
openssl
Version:
1.0.2c
CPE:
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
openssl
Version:
1.0.1b
CPE:
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
openssl
Version:
1.0.1a
CPE:
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
openssl
Version:
1.0.2g
CPE:
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
openssl
Version:
1.0.1k
CPE:
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
openssl
Version:
1.0.1n
CPE:
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
openssl
Version:
1.0.1s
CPE:
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
openssl
Version:
1.0.1q
CPE:
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
openssl
Version:
1.0.2e
CPE:
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
openssl
Version:
1.0.2
CPE:
cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*
openssl
Version:
1.0.1r
CPE:
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
openssl
Version:
1.0.2d
CPE:
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
openssl
Version:
1.0.2h
CPE:
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
openssl
Version:
1.0.1i
CPE:
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
openssl
Version:
1.0.2a
CPE:
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
openssl
Version:
1.0.1f
CPE:
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
openssl
Version:
1.0.1h
CPE:
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
openssl
Version:
1.0.1j
CPE:
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
openssl
Version:
1.0.1p
CPE:
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
openssl
Version:
1.0.1g
CPE:
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
openssl
Version:
1.0.1e
CPE:
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
openssl
Version:
1.0.2f
CPE:
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
openssl
Version:
1.0.1
CPE:
cpe:2.3:a:openssl:openssl:1.0.1:-:*:*:*:*:*:*
openssl
Version:
1.0.1m
CPE:
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
openssl
Version:
1.0.1l
CPE:
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
openssl
Version:
1.0.1c
CPE:
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
openssl
Version:
1.0.1t
CPE:
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
openssl
Version:
1.0.1o
CPE:
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
openssl
Version:
1.0.2b
CPE:
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
solaris
Version:
11.3
CPE:
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
linux
Version:
7
CPE:
cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*
linux
Version:
6
CPE:
cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
solaris
Version:
10
CPE:
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:sparc:*
This vulnerability affects 34 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-20 Top 25 #14

Improper Input Validation

Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploit Likelihood
High
Typical Severity
High
Abstraction Level
Class
View CWE Details on MITRE

Key Information

Published Date
September 16, 2016

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record