CVE-2016-6304

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6304
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6304.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-6304
Downstream
Related
Published
2016-09-26T19:59:00.157Z
Modified
2026-05-28T04:03:18.891347018Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "12.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "novell:suse_linux_enterprise_module_for_web_scripting",
            "cpes": [
                "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
163ca274230fce536afe76c64676c332693ad7c1
Fixed
848d650dade802c835b4b3a1e29c7581e79494ed
Introduced
2b18916ff054309a07408719b62e2b6a4f1e056a
Fixed
0ad4bbd94af535d9b70f64fff28652f23b05c403
Introduced
f9f837885343a2a3f5ba2b8c510eaac395c8c865
Fixed
57ca7390d03372b99d9cf8563c75a3895d93a6e6
Introduced
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Fixed
d87ad0ceea3f8ecf14b15cf95776fdbb277e0f07
Database specific 
{
    "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.10.0"
        },
        {
            "fixed": "0.10.47"
        },
        {
            "introduced": "0.12.0"
        },
        {
            "fixed": "0.12.16"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.6.0"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.7.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v4.*
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6304.json"

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Last affected
94f416601754dbe65e287f8e1eca01fa32f74a7a
Last affected
2f63ad1c6daa61614f3d58de0889bf68e9f75853
Last affected
2c5db8dac3a06fe5b2c889838a606138ee3542ed
Last affected
7ea5bd2b52d0e81eaef3d109b3b12545306f201c
Last affected
888759a1d38197f29de7227876c3b58fbff8549f
Last affected
ab585551c0a577d9a91825d446465905a5ea17e3
Last affected
e2dfb655f798831ffb29242ad804013ddb0c5d5b
Last affected
08e4c7a967cc9d82264d125440d8b17b912bd250
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "last_affected": "1.0.2-beta1"
        },
        {
            "last_affected": "1.0.2-beta2"
        },
        {
            "last_affected": "1.0.2-beta3"
        },
        {
            "last_affected": "1.0.2a"
        },
        {
            "last_affected": "1.0.2b"
        },
        {
            "last_affected": "1.0.2c"
        },
        {
            "last_affected": "1.0.2d"
        },
        {
            "last_affected": "1.0.2e"
        },
        {
            "last_affected": "1.0.2f"
        },
        {
            "last_affected": "1.0.2h"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "last_affected": "1.0.1-beta1"
        },
        {
            "last_affected": "1.0.1-beta2"
        },
        {
            "last_affected": "1.0.1-beta3"
        },
        {
            "last_affected": "1.0.1a"
        },
        {
            "last_affected": "1.0.1b"
        },
        {
            "last_affected": "1.0.1c"
        },
        {
            "last_affected": "1.0.1d"
        },
        {
            "last_affected": "1.0.1e"
        },
        {
            "last_affected": "1.0.1f"
        },
        {
            "last_affected": "1.0.1g"
        },
        {
            "last_affected": "1.0.1h"
        },
        {
            "last_affected": "1.0.1i"
        },
        {
            "last_affected": "1.0.1j"
        },
        {
            "last_affected": "1.0.1k"
        },
        {
            "last_affected": "1.0.1l"
        },
        {
            "last_affected": "1.0.1m"
        },
        {
            "last_affected": "1.0.1n"
        },
        {
            "last_affected": "1.0.1o"
        },
        {
            "last_affected": "1.0.1p"
        },
        {
            "last_affected": "1.0.1q"
        },
        {
            "last_affected": "1.0.1r"
        },
        {
            "last_affected": "1.0.1s"
        },
        {
            "last_affected": "1.0.1t"
        }
    ],
    "cpe": [
        "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING"
}

Affected versions

Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_0_1
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3
OpenSSL_1_0_1-post-auto-reformat
OpenSSL_1_0_1-post-reformat
OpenSSL_1_0_1-pre-auto-reformat
OpenSSL_1_0_1-pre-reformat
OpenSSL_1_0_1a
OpenSSL_1_0_1b
OpenSSL_1_0_1c
OpenSSL_1_0_1d
OpenSSL_1_0_1e
OpenSSL_1_0_1f
OpenSSL_1_0_1g
OpenSSL_1_0_1h
OpenSSL_1_0_1i
OpenSSL_1_0_1j
OpenSSL_1_0_1k
OpenSSL_1_0_1l
OpenSSL_1_0_1m
OpenSSL_1_0_1n
OpenSSL_1_0_1o
OpenSSL_1_0_1p
OpenSSL_1_0_1q
OpenSSL_1_0_1r
OpenSSL_1_0_1s
OpenSSL_1_0_1t
OpenSSL_1_0_1u
OpenSSL_1_0_2
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3
OpenSSL_1_0_2-post-auto-reformat
OpenSSL_1_0_2-post-reformat
OpenSSL_1_0_2-pre-auto-reformat
OpenSSL_1_0_2-pre-reformat
OpenSSL_1_0_2a
OpenSSL_1_0_2b
OpenSSL_1_0_2c
OpenSSL_1_0_2d
OpenSSL_1_0_2e
OpenSSL_1_0_2f
OpenSSL_1_0_2g
OpenSSL_1_0_2h
OpenSSL_1_0_2i
OpenSSL_1_0_2j
OpenSSL_1_0_2k
OpenSSL_1_0_2l
OpenSSL_1_0_2m
OpenSSL_1_0_2n
OpenSSL_1_0_2o
OpenSSL_1_0_2p
OpenSSL_1_0_2q
OpenSSL_1_0_2r
OpenSSL_1_0_2s
OpenSSL_1_0_2t
OpenSSL_1_0_2u
OpenSSL_1_1_0
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_0a
OpenSSL_1_1_0b
OpenSSL_1_1_0c
OpenSSL_1_1_0d
OpenSSL_1_1_0e
OpenSSL_1_1_0f
OpenSSL_1_1_0g
OpenSSL_1_1_0h
OpenSSL_1_1_0i
OpenSSL_1_1_0j
OpenSSL_1_1_0k
OpenSSL_1_1_0l
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6304.json"