NuytsTech Security

CVE-2016-6302

by ·

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

Date published : 2016-09-16

http://www.securityfocus.com/bid/92628

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

Tags: