CVE-2016-6302 in OpenSSL and Oracle Products
Published on September 16, 2016

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2016-6302

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-6302 are published in these products:

OpenSSL

Oracle Solaris

Oracle Linux

Exploit Probability

EPSS

16.33%

Percentile

94.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-6302 in OpenSSL and Oracle ProductsPublished on September 16, 2016

Products Associated with CVE-2016-6302

Exploit Probability

CVE-2016-6302 in OpenSSL and Oracle Products
Published on September 16, 2016