Sales Chat - Click Here

Denial of Service (DoS) Vulnerability in OpenSSL t1_lib.c (OCSP) (CVE-2016-6304)

Mar 13, 2023

Denial of Service (DoS) vulnerability via memory leak in OpenSSL's t1_lib.c (CVE-2016-6304)

Summary

This vulnerability applies when the OCSP protocol is enabled. Buffalo NAS systems do not enable this functionality. 

Vulnerability ID Vulnerability Overview
CVE-2016-6304 Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

Affected Supported TeraStations

None

Back to Security Notices

Date Description
3/16/2022 Initial release
X