Search for vulnerabilities
Vulnerability details: VCID-9bjy-vecc-aaae
Vulnerability ID VCID-9bjy-vecc-aaae
Aliases CVE-2016-6305
VC-OPENSSL-20160922-CVE-2016-6305
Summary OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6305.json
epss 0.17712 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.17712 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.19015 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36077 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36554 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36649 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36649 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36649 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.36687 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.48860 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.48860 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.48860 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
epss 0.57272 https://api.first.org/data/v1/epss?cve=CVE-2016-6305
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1378127
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-6305
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-6305
generic_textual Low https://www.openssl.org/news/secadv/20160922.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
cvssv3.1 8.1 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6305.json
https://api.first.org/data/v1/epss?cve=CVE-2016-6305
https://bto.bluecoat.com/security-advisory/sa132
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssl/openssl/commit/63658103d4441924f8dbfc517b99bb54758a98b9
https://github.com/openssl/openssl/issues/1563
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=63658103d4441924f8dbfc517b99bb54758a98b9
https://git.openssl.org/?p=openssl.git;a=commit;h=63658103d4441924f8dbfc517b99bb54758a98b9
https://security.gentoo.org/glsa/201612-16
https://www.openssl.org/news/secadv/20160922.txt
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/93149
http://www.securitytracker.com/id/1036879
1378127 https://bugzilla.redhat.com/show_bug.cgi?id=1378127
cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
CVE-2016-6305 https://nvd.nist.gov/vuln/detail/CVE-2016-6305
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6305.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6305
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6305
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94586
EPSS Score 0.17712
Published At April 7, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.