Home

CVE-2016-8610

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
71.13

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Balance -Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation -Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.4.0Windows
Multiple Vulnerabilities are affected in OpenSSL 0.9.8Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.5.0Windows
GNU TLS library (USN-2865-1) libgnutlsxx27_2.12.14-5ubuntu3.14_i386.debLinux
GNU TLS library (USN-2865-1) libgnutlsxx27_2.12.14-5ubuntu3.14_amd64.debLinux
GNU TLS library (USN-2865-1) libgnutls-openssl27_2.12.14-5ubuntu3.14_i386.debLinux
GNU TLS library (USN-2865-1) libgnutls-openssl27_2.12.14-5ubuntu3.14_amd64.debLinux
GNU TLS library (USN-2913-4) libgnutls26_2.12.14-5ubuntu3.13_i386.debLinux
GNU TLS library (USN-2913-4) libgnutls26_2.12.14-5ubuntu3.13_amd64.debLinux
GNU TLS library (USN-2913-4) libgnutls26_2.12.23-12ubuntu2.6_i386.debLinux
GNU TLS library (USN-2913-4) libgnutls26_2.12.23-12ubuntu2.6_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3087-2) libssl1.0.0_1.0.1-4ubuntu5.39_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3087-2) libssl1.0.0_1.0.1-4ubuntu5.39_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3087-2) libssl1.0.0_1.0.2g-1ubuntu4.6_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3087-2) libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.1-4ubuntu5.39_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.1-4ubuntu5.39_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.2g-1ubuntu4.6_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.1f-1ubuntu2.22_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3181-1) libssl1.0.0_1.0.1f-1ubuntu2.22_amd64.debLinux
GNU TLS library (USN-3183-1) libgnutls26_2.12.14-5ubuntu3.14_i386.debLinux
GNU TLS library (USN-3183-1) libgnutls26_2.12.14-5ubuntu3.14_amd64.debLinux
GNU TLS library (USN-3183-1) libgnutls26_2.12.23-12ubuntu2.7_i386.debLinux
GNU TLS library (USN-3183-1) libgnutls26_2.12.23-12ubuntu2.7_amd64.debLinux
GNU TLS library (USN-3183-1) libgnutls30_3.5.3-5ubuntu1.1_i386.debLinux
GNU TLS library (USN-3183-1) libgnutls30_3.5.3-5ubuntu1.1_amd64.debLinux
GNU TLS library (USN-3183-1) libgnutls30_3.4.10-4ubuntu1.2_i386.debLinux
GNU TLS library (USN-3183-1) libgnutls30_3.4.10-4ubuntu1.2_amd64.debLinux
GNU TLS library (USN-3183-2) libgnutls26_2.12.14-5ubuntu3.14_i386.debLinux
GNU TLS library (USN-3183-2) libgnutls26_2.12.14-5ubuntu3.14_amd64.debLinux
openssl security update(DSA-3773-1) openssl_1.0.1t-1+deb8u6_i386.debLinux
openssl security update(DSA-3773-1) openssl_1.0.1t-1+deb8u6_amd64.debLinux
openssl security update(DSA-3773-1) openssl_1.0.1t-1+deb8u6_kfreebsd-i386.debLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-2.12.23-21.el6.i686.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-2.12.23-21.el6.x86_64.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-devel-2.12.23-21.el6.i686.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-devel-2.12.23-21.el6.x86_64.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-guile-2.12.23-21.el6.i686.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-guile-2.12.23-21.el6.x86_64.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-utils-2.12.23-21.el6.i686.rpmLinux
(RHSA-2017:0574) Moderate: gnutls security, bug fix, and enhancement update gnutls-utils-2.12.23-21.el6.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) gnutls-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) gnutls-debuginfo-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) gnutls-debugsource-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Server 12-SP1 ) libgnutls-openssl27-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Server 12-SP1 ) libgnutls-openssl27-debuginfo-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgnutls28-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgnutls28-32bit-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgnutls28-debuginfo-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0348-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgnutls28-debuginfo-32bit-3.2.15-16.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl1_0_0-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl1_0_0-32bit-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl1_0_0-debuginfo-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Server 12-SP1 ) libopenssl1_0_0-hmac-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Server 12-SP1 ) libopenssl1_0_0-hmac-32bit-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) openssl-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) openssl-debuginfo-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Desktop 12-SP1 ) openssl-debugsource-1.0.1i-54.5.1.x86_64.rpmLinux
SUSE-SU-2017:0461-1(SUSE Linux Enterprise Server 12-SP1 ) openssl-doc-1.0.1i-54.5.1.noarch.rpmLinux
SUSE-SU-2017:0605-1(SUSE Linux Enterprise Desktop 12-SP1 ) compat-openssl098-debugsource-0.9.8j-105.1.x86_64.rpmLinux
SUSE-SU-2017:0605-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl0_9_8-0.9.8j-105.1.x86_64.rpmLinux
SUSE-SU-2017:0605-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl0_9_8-32bit-0.9.8j-105.1.x86_64.rpmLinux
SUSE-SU-2017:0605-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl0_9_8-debuginfo-0.9.8j-105.1.x86_64.rpmLinux
SUSE-SU-2017:0605-1(SUSE Linux Enterprise Desktop 12-SP1 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-105.1.x86_64.rpmLinux
SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) compat-openssl098-debugsource-0.9.8j-106.9.1.x86_64.rpmLinux
SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-0.9.8j-106.9.1.x86_64.rpmLinux
SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64.rpmLinux
SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-0.9.8j-106.9.1.x86_64.rpmLinux
SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1.x86_64.rpmLinux
Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-352259OpenSSL (3.6.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234