Description

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Remediation

References

CVE-2016-6302

Related Vulnerabilities

Claroline Other Vulnerability (CVE-2005-1375)

WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17567)

Magento Incorrect Authorization Vulnerability (CVE-2020-9692)

Ruby Improper Input Validation Vulnerability (CVE-2008-3657)

Severity

High

Classification

CVE-2016-6302 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities