CVE-2016-8610

HIGH

OpenSSL <1.1.0 - DoS

Title source: llm

Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Exploits (2)

nomisec WORKING POC 33 stars

by cujanovic · poc

https://github.com/cujanovic/CVE-2016-8610-PoC

View Code ZIP pw:eip

gitlab WORKING POC

by drent · poc

https://gitlab.com/drent/CVE-2016-8610-PoC

View Code ZIP pw:eip

References (28)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0286.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-0574.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-1415.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2017-1659.html

[Mailing List, Third Party Advisory] http://seclists.org/oss-sec/2016/q4/224

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93841

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037084

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1413

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1414

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1658

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1801

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1802

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2493

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2494

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610

[Broken Link] https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401

[Third Party Advisory] https://security.360.cn/cve/CVE-2016-8610/

[Third Party Advisory] https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20171130-0001/

[Third Party Advisory] https://security.paloaltonetworks.com/CVE-2016-8610

... and 8 more

Scores

CVSS v3 7.5

EPSS 0.7113

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (50)

debian/debian_linux 8.0

fujitsu/m10-1_firmware < xcp2361

fujitsu/m10-4_firmware < xcp2361

fujitsu/m10-4s_firmware < xcp2361

fujitsu/m12-1_firmware < xcp2361

fujitsu/m12-2_firmware < xcp2361

fujitsu/m12-2s_firmware < xcp2361

netapp/clustered_data_ontap

netapp/clustered_data_ontap_antivirus_connector

netapp/cn1610_firmware

... and 40 more

Published Nov 13, 2017

Tracked Since Feb 18, 2026