OpenSSL CVE-2016-6307 Denial of Service Vulnerability

Description

message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.

OpenSSL 1.1.0 users should upgrade to 1.1.0b

This issue was reported to OpenSSL on 23rd September 2016 by Robert was developed by Matt Caswell of the OpenSSL development team.
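The bug class described above (a pointer cached before a buffer grows and moves) and the usual defence of tracking the write position as an offset, as an added example that is not OpenSSL's code. All names are hypothetical and the 16384-byte initial capacity is a constructed stand-in for the "approx 16k" threshold.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_CAP 16384u /* constructed value, stands in for "approx 16k" */

struct msg_buf {
    unsigned char *data;
    size_t cap, len;   /* write position is an offset, never a cached pointer */
    int relocations;   /* how many times the storage moved */
};

/* Grow by allocate-copy-free so the storage always moves (realloc's worst case). */
static int msg_buf_grow(struct msg_buf *b, size_t need) {
    if (need <= b->cap) return 1;
    unsigned char *n = malloc(need);
    if (n == NULL) return 0;
    memcpy(n, b->data, b->len);
    free(b->data);               /* every pointer into the old block now dangles */
    b->data = n; b->cap = need; b->relocations++;
    return 1;
}

/* Flawed pattern (comment only, so nothing here writes to freed memory):
 *   p = b->data + b->len;  msg_buf_grow(b, b->len + n);  memcpy(p, src, n);
 * p was cached before the grow and may point into the freed block. */
static int msg_buf_append(struct msg_buf *b, const unsigned char *src, size_t n) {
    if (n > SIZE_MAX - b->len || !msg_buf_grow(b, b->len + n)) return 0;
    memcpy(b->data + b->len, src, n);   /* destination derived after the grow */
    b->len += n;
    return 1;
}

/* Feed `total` bytes in 4096-byte chunks; returns relocation count, -1 on failure. */
int receive_message(size_t total) {
    struct msg_buf b = { malloc(INITIAL_CAP), INITIAL_CAP, 0, 0 };
    unsigned char chunk[4096];
    int ok = b.data != NULL;
    memset(chunk, 0xAB, sizeof chunk);
    for (size_t left = total, n; ok && left > 0; left -= n) {
        n = left < sizeof chunk ? left : sizeof chunk;
        ok = msg_buf_append(&b, chunk, n);
    }
    for (size_t i = 0; ok && i < b.len; i++) ok = b.data[i] == 0xAB;
    free(b.data);
    return (ok && b.len == total) ? b.relocations : -1;
}

int main(void) { /* exit status 0 when a 20000-byte message survives one move */
    return receive_message(20000) == 1 ? 0 : 1;
}
```

Building a test harness like this with AddressSanitizer (`-fsanitize=address`) is a practical way to catch a reintroduced cached pointer, since the stale write is reported as a heap-use-after-free.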

Affected Applications

OpenSSL

CVE References

CVE-2016-6307