CVE-2016-6304
Published on: 09/26/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:12 PM UTC
Certain versions of Node.js from Nodejs contain the following vulnerability:
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
- CVE-2016-6304 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.5 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 7.8 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Security updates for all active release lines, September 2016 \| Node.js | Third Party Advisory | nodejs.org text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
| | Vendor Advisory | www.openssl.org text/plain |
Oracle Critical Patch Update - January 2018 | | www.oracle.com text/html |
Oracle Critical Patch Update - April 2018 | | www.oracle.com text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities \| Splunk | | www.splunk.com text/html |
Oracle Linux Bulletin - October 2016 | | www.oracle.com text/html |
Oracle Critical Patch Update - October 2016 | | www.oracle.com text/html |
McAfee Security Bulletin: Updates fix multiple OpenSSL vulnerabilities (CVE-2016-6304, CVE-2016-2183, CVE-2016-2182, and CVE-2016-7052) | | kc.mcafee.com text/html |
OpenSSL OCSP Status Request Extension Processing Error Lets Remote Authenticated Users Consume Excessive Memory Resources - SecurityTracker | | www.securitytracker.com text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
OpenSSL CVE-2016-6304 Denial of Service Vulnerability | | cve.report (archive) text/html |
OpenSSL: Multiple vulnerabilities (GLSA 201612-16) — Gentoo security | | security.gentoo.org text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
MySQL Multiple Flaws Let Remote Authenticated and Local Users Access Data, Deny Service, and Gain Elevated Privileges - SecurityTracker | | www.securitytracker.com text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
[R5] Nessus 6.9 Fixes Multiple Vulnerabilities - Security Advisory \| Tenable Network Security | | www.tenable.com text/html |
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016 | | bto.bluecoat.com text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities \| Splunk | | www.splunk.com text/html |
Oracle VM Server for x86 Bulletin - October 2016 | | www.oracle.com text/html |
[R2] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security | | www.tenable.com text/html |
Juniper Networks - 2016-10 Security Bulletin: OpenSSL security updates | | kb.juniper.net text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
Red Hat Customer Portal | | access.redhat.com text/html |
Red Hat Customer Portal | | web.archive.org text/html (Inactive Link, Not Archived) |
IBM Security Bulletin: Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware - United States | | web.archive.org text/html (Inactive Link, Not Archived) |
git.openssl.org Git - openssl.git/commit | Issue Tracking | git.openssl.org text/xml |
Oracle Critical Patch Update - July 2017 | | www.oracle.com text/html |
[R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory \| Tenable Network Security | | www.tenable.com text/html |
Oracle Critical Patch Update - October 2017 | | www.oracle.com text/html |
| | | security.FreeBSD.org text/plain |
Red Hat Customer Portal | | access.redhat.com text/html |
[security-announce] SUSE-SU-2016:2470-1: important: Security update for | Third Party Advisory | lists.opensuse.org text/html |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Nodejs | Node.js | All | All | All | All |
Operating System | Novell | Suse Linux Enterprise Module For Web Scripting | 12.0 | All | All | All |
Application | Openssl | Openssl | 1.0.1 | All | All | All |
Application | Openssl | Openssl | 1.0.1 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.1 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.1 | beta3 | All | All |
Application | Openssl | Openssl | 1.0.1a | All | All | All |
Application | Openssl | Openssl | 1.0.1b | All | All | All |
Application | Openssl | Openssl | 1.0.1c | All | All | All |
Application | Openssl | Openssl | 1.0.1d | All | All | All |
Application | Openssl | Openssl | 1.0.1e | All | All | All |
Application | Openssl | Openssl | 1.0.1f | All | All | All |
Application | Openssl | Openssl | 1.0.1g | All | All | All |
Application | Openssl | Openssl | 1.0.1h | All | All | All |
Application | Openssl | Openssl | 1.0.1i | All | All | All |
Application | Openssl | Openssl | 1.0.1j | All | All | All |
Application | Openssl | Openssl | 1.0.1k | All | All | All |
Application | Openssl | Openssl | 1.0.1l | All | All | All |
Application | Openssl | Openssl | 1.0.1m | All | All | All |
Application | Openssl | Openssl | 1.0.1n | All | All | All |
Application | Openssl | Openssl | 1.0.1o | All | All | All |
Application | Openssl | Openssl | 1.0.1p | All | All | All |
Application | Openssl | Openssl | 1.0.1q | All | All | All |
Application | Openssl | Openssl | 1.0.1r | All | All | All |
Application | Openssl | Openssl | 1.0.1s | All | All | All |
Application | Openssl | Openssl | 1.0.1t | All | All | All |
Application | Openssl | Openssl | 1.0.2 | All | All | All |
Application | Openssl | Openssl | 1.0.2 | beta1 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta2 | All | All |
Application | Openssl | Openssl | 1.0.2 | beta3 | All | All |
Application | Openssl | Openssl | 1.0.2a | All | All | All |
Application | Openssl | Openssl | 1.0.2b | All | All | All |
Application | Openssl | Openssl | 1.0.2c | All | All | All |
Application | Openssl | Openssl | 1.0.2d | All | All | All |
Application | Openssl | Openssl | 1.0.2e | All | All | All |
Application | Openssl | Openssl | 1.0.2f | All | All | All |
Application | Openssl | Openssl | 1.0.2h | All | All | All |
Application | Openssl | Openssl | 1.1.0 | All | All | All |
- cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*:
- cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE