CVE-2016-7054
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
- Published date
- 2017-05-04T19:29Z
- Last modification date
- 2017-09-03T01:29Z
- Assigner
- openssl-security@openssl.org
- Problem type
- CWE-284
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Name | URL | Source | Tags |
|---|---|---|---|
| https://www.openssl.org/news/secadv/20161110.txt | https://www.openssl.org/news/secadv/20161110.txt | CONFIRM | Patch, Vendor Advisory |
| 94238 | http://www.securityfocus.com/bid/94238 | BID | Third Party Advisory, VDB Entry |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us | https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us | CONFIRM | |
| 1037261 | http://www.securitytracker.com/id/1037261 | SECTRACK | |
| 40899 | https://www.exploit-db.com/exploits/40899/ | EXPLOIT-DB |