Home CVE Database CVE-2016-2179

CVE-2016-2179

Description

It was found that current mechanism of queuing the future messages, i.e. messages having greater sequence numbers that are to be processed later, is prone to DoS attack by memory exhaustion, when attacker can fill up the queue with lots of large messages that are never going to be used. Only up to 10 messages in the future can be buffered and queue gets cleared when the connection is closed, thus attacker can exploit this only with opening many simultaneous connections.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Sep 9, 2016
Related ID: --
CVSS v2: High
Modified Date: Sep 9, 2016

Find out more about CVE-2016-2179 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

openssl

Live chat
Online