CVE-2016-2179 in OpenSSL and Oracle Products
Published on September 16, 2016

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.



Exploit Probability

EPSS: 5.79%
Percentile: 90.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.