Security Advisory

CVE-2016-6302

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-09-16 00:00:00

Last updated 2024-08-06 01:29:18

Assigner redhat

State PUBLISHED

Description

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

← Browse all CVEs View on cve.org ↗