OpenSSL CVE-2016-6306 Out of Bounds Read Vulnerability

Description

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client, or against a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
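Added illustration, not OpenSSL's source code: a C model of how a Certificate handshake body ([3-byte list length][3-byte certificate length + DER]...) is parsed with and without the length checks the advisory describes. Reads past the end of the n-byte message are counted instead of dereferenced, so the over-read of up to 2 bytes is visible without undefined behaviour. The function names and the sample messages are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounded reader: a read at or beyond n is counted in overrun, not performed. */
typedef struct {
    const uint8_t *p;
    size_t n;        /* bytes actually present in the message */
    size_t pos;      /* next byte the parser wants */
    size_t overrun;  /* bytes requested beyond n */
} reader;

static unsigned read_byte(reader *r)
{
    unsigned b = 0;
    if (r->pos < r->n)
        b = r->p[r->pos];
    else
        r->overrun++;            /* real code would read past the buffer here */
    r->pos++;
    return b;
}

/* 24-bit big-endian length, the shape of OpenSSL's n2l3 macro */
static uint32_t read_u24(reader *r)
{
    uint32_t v = (uint32_t)read_byte(r) << 16;
    v |= (uint32_t)read_byte(r) << 8;
    v |= (uint32_t)read_byte(r);
    return v;
}

/* Pre-fix pattern (modelled): each 3-byte length is read before confirming
 * that 3 bytes remain. Returns the certificate count, or -1 on a mismatch. */
int parse_cert_list_unchecked(const uint8_t *msg, size_t n, size_t *overrun)
{
    reader r = { msg, n, 0, 0 };
    uint32_t llen, l, nc = 0;
    int count = -1;

    llen = read_u24(&r);                       /* n < 3: reads past the message */
    if ((size_t)llen + 3 == n) {
        count = 0;
        while (nc < llen) {
            l = read_u24(&r);                  /* llen - nc < 3: same over-read */
            if ((size_t)l + nc + 3 > llen) { count = -1; break; }
            r.pos += l;                        /* skip the DER bytes */
            nc += 3 + l;
            count++;
        }
    }
    if (overrun) *overrun = r.overrun;
    return count;
}

/* Post-fix pattern (modelled): every length field is preceded by a check that
 * it fits in what remains, so no read is ever issued beyond n. */
int parse_cert_list_checked(const uint8_t *msg, size_t n, size_t *overrun)
{
    reader r = { msg, n, 0, 0 };
    uint32_t llen, l, nc = 0;
    int count = -1;

    if (n >= 3) {
        llen = read_u24(&r);
        if ((size_t)llen + 3 == n) {
            count = 0;
            while (nc < llen) {
                if (llen - nc < 3) { count = -1; break; }      /* room for length? */
                l = read_u24(&r);
                if (l > llen - nc - 3) { count = -1; break; }  /* room for body? */
                r.pos += l;
                nc += 3 + l;
                count++;
            }
        }
    }
    if (overrun) *overrun = r.overrun;
    return count;
}

/* Constructed sample bodies (not captured traffic). */
const uint8_t MSG_TRUNCATED[1] = { 0x00 };                      /* list length cut short */
const uint8_t MSG_SHORT_CERT[4] = { 0x00, 0x00, 0x01, 0x30 };   /* list claims 1 byte */
const uint8_t MSG_GOOD[14] = {
    0x00, 0x00, 0x0b,                   /* list length 11 */
    0x00, 0x00, 0x02, 0x30, 0x00,       /* cert 1: 2 bytes */
    0x00, 0x00, 0x03, 0x30, 0x01, 0x00  /* cert 2: 3 bytes */
};

int main(void)
{
    size_t o;
    int c = parse_cert_list_unchecked(MSG_TRUNCATED, sizeof MSG_TRUNCATED, &o);
    printf("unchecked, truncated list length: result=%d, bytes past end=%zu\n", c, o);
    c = parse_cert_list_unchecked(MSG_SHORT_CERT, sizeof MSG_SHORT_CERT, &o);
    printf("unchecked, short cert length:     result=%d, bytes past end=%zu\n", c, o);
    c = parse_cert_list_checked(MSG_SHORT_CERT, sizeof MSG_SHORT_CERT, &o);
    printf("checked,   short cert length:     result=%d, bytes past end=%zu\n", c, o);
    c = parse_cert_list_checked(MSG_GOOD, sizeof MSG_GOOD, &o);
    printf("checked,   well-formed:           result=%d, bytes past end=%zu\n", c, o);
    return 0;
}
```

Both parsers reject the malformed bodies; the difference is that the unchecked one has already asked for two bytes beyond the message before it notices, which is the read the advisory describes. Whether that read faults depends on what follows the buffer, hence "theoretical DoS".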

Affected Applications

OpenSSL

CVE References

CVE-2016-6306