OpenSSL CVE-2016-6305 Input Validation Bypass Vulnerability
Description
Severity: ModerateOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends anempty record. This could be exploited by a malicious peer in a Denial Of Serviceattack.OpenSSL 1.1.0 users should upgrade to 1.1.0aThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. Thefix was developed by Matt Caswell of the OpenSSL development team.
Affected Applications
OpenSSL