Description

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

Remediation

References

CVE-2016-2179

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2001-0096)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708)

PostgreSQL Numeric Errors Vulnerability (CVE-2010-4015)

WordPress Plugin WP Courses LMS Security Bypass (2.0.28)

WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)

Severity

High

Classification

CVE-2016-2179 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities