Search for vulnerabilities
Vulnerability details: VCID-mcbc-6asm-aaab
Vulnerability ID VCID-mcbc-6asm-aaab
Aliases CVE-2016-6309
VC-OPENSSL-20160926-CVE-2016-6309
Summary This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved. Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location. This is likely to result in a crash, however it could potentially lead to execution of arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6309.json
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.32425 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.35318 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.38721 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.91171 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.92490 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.92490 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.92490 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
epss 0.92490 https://api.first.org/data/v1/epss?cve=CVE-2016-6309
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1379302
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2016-6309
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-6309
archlinux Critical https://security.archlinux.org/AVG-31
archlinux Critical https://security.archlinux.org/AVG-32
generic_textual Moderate https://www.openssl.org/news/secadv/20160926.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
cvssv3.1 8.1 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6309.json
https://api.first.org/data/v1/epss?cve=CVE-2016-6309
https://bto.bluecoat.com/security-advisory/sa132
https://github.com/openssl/openssl/commit/acacbfa7565c78d2273c0b2a2e5e803f44afefeb
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=acacbfa7565c78d2273c0b2a2e5e803f44afefeb
https://git.openssl.org/?p=openssl.git;a=commit;h=acacbfa7565c78d2273c0b2a2e5e803f44afefeb
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://www.openssl.org/news/secadv/20160926.txt
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93177
http://www.securitytracker.com/id/1036885
1379302 https://bugzilla.redhat.com/show_bug.cgi?id=1379302
AVG-31 https://security.archlinux.org/AVG-31
AVG-32 https://security.archlinux.org/AVG-32
cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
CVE-2016-6309 https://nvd.nist.gov/vuln/detail/CVE-2016-6309
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6309.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6309
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6309
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.9647
EPSS Score 0.32425
Published At March 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.