CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
opensslopenssl
1.0.2 ≤
𝑥
≤ 1.0.2h
opensslopenssl
0.9.8
opensslopenssl
1.0.1
opensslopenssl
1.1.0
debiandebian_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
6.4.0
netappcn1610_firmware
-
netappclustered_data_ontap_antivirus_connector
-
netappdata_ontap
-
netappdata_ontap_edge
-
netappe-series_santricity_os_controller
11.0 ≤
𝑥
≤ 11.40
netapphost_agent
-
netapponcommand_balance
-
netapponcommand_unified_manager
-
netapponcommand_workflow_automation
-
netappontap_select_deploy
-
netappservice_processor
-
netappsmi-s_provider
-
netappsnapcenter_server
-
netappsnapdrive
-
netappstoragegrid
-
netappstoragegrid_webscale
-
netappclustered_data_ontap
-
paloaltonetworkspan-os
𝑥
≤ 6.1.17
paloaltonetworkspan-os
7.0.0 ≤
𝑥
≤ 7.0.15
paloaltonetworkspan-os
7.1.0 ≤
𝑥
≤ 7.1.10
oracleadaptive_access_manager
11.1.2.3.0
oracleapplication_testing_suite
13.3.0.1
oraclecommunications_analytics
12.1.1
oraclecommunications_ip_service_activator
7.3.4
oraclecommunications_ip_service_activator
7.4.0
oraclecore_rdbms
11.2.0.4
oraclecore_rdbms
12.1.0.2
oraclecore_rdbms
12.2.0.1
oracleenterprise_manager_ops_center
12.3.3
oracleenterprise_manager_ops_center
12.4.0
oraclegoldengate_application_adapters
12.3.2.1.0
oraclejd_edwards_enterpriseone_tools
9.2
oraclepeoplesoft_enterprise_peopletools
8.56
oraclepeoplesoft_enterprise_peopletools
8.57
oraclepeoplesoft_enterprise_peopletools
8.58
oracleretail_predictive_application_server
15.0.3
oracleretail_predictive_application_server
16.0.3
oracletimesten_in-memory_database
𝑥
< 18.1.4.1.0
oracleweblogic_server
10.3.6.0.0
oracleweblogic_server
12.1.3.0.0
oracleweblogic_server
12.2.1.3.0
oracleweblogic_server
12.2.1.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnutls26
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 2.12.23-12ubuntu2.6
released
precise
Fixed 2.12.14-5ubuntu3.13
released
gnutls28
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
Fixed 3.5.3-5ubuntu1.1
released
xenial
Fixed 3.4.10-4ubuntu1.2
released
trusty
dne
precise
ignored
openssl
disco
Fixed 1.0.2g-1ubuntu11
released
cosmic
Fixed 1.0.2g-1ubuntu11
released
bionic
Fixed 1.0.2g-1ubuntu11
released
artful
Fixed 1.0.2g-1ubuntu11
released
zesty
Fixed 1.0.2g-1ubuntu11
released
yakkety
Fixed 1.0.2g-1ubuntu9.1
released
xenial
Fixed 1.0.2g-1ubuntu4.6
released
trusty
Fixed 1.0.1f-1ubuntu2.22
released
precise
Fixed 1.0.1-4ubuntu5.39
released
openssl098
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2017-0286.html
http://rhn.redhat.com/errata/RHSA-2017-0574.html
http://rhn.redhat.com/errata/RHSA-2017-1415.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://seclists.org/oss-sec/2016/q4/224
http://www.securityfocus.com/bid/93841
http://www.securitytracker.com/id/1037084
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2494
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.360.cn/cve/CVE-2016-8610/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
https://www.debian.org/security/2017/dsa-3773
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://rhn.redhat.com/errata/RHSA-2017-0286.html
http://rhn.redhat.com/errata/RHSA-2017-0574.html
http://rhn.redhat.com/errata/RHSA-2017-1415.html
http://rhn.redhat.com/errata/RHSA-2017-1659.html
http://seclists.org/oss-sec/2016/q4/224
http://www.securityfocus.com/bid/93841
http://www.securitytracker.com/id/1037084
https://access.redhat.com/errata/RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2494
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.360.cn/cve/CVE-2016-8610/
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
https://www.debian.org/security/2017/dsa-3773
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html