virus logo FortiClient Vulnerability

OpenSSL CVE-2016-6302 Input Validation Bypass Vulnerability

description-logoDescription

Severity: LowIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to aDoS attack where a malformed ticket will result in an OOB read which willultimately crash.The use of SHA512 in TLS session tickets is comparatively rare as it requiresa custom server callback and ticket lookup mechanism.OpenSSL 1.0.2 users should upgrade to 1.0.2iOpenSSL 1.0.1 users should upgrade to 1.0.1uThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSLdevelopment team.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2016-6302

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 39865
Created Jan 17, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor OpenSSL
Patch manual
Application OpenSSL