← back
CVE-2016-7054

ChaCha20/Poly1305 heap-buffer-overflow

EPSS 31.9%
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
Affected products
OpenSSL · OpenSSL
public PoCs found2
cve_referencewww.exploit-db.com/exploits/40899/unverifiedexploitdbwww.exploit-db.com/exploits/40899unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_ushttps://www.exploit-db.com/exploits/40899/https://www.openssl.org/news/secadv/20161110.txthttp://www.securityfocus.com/bid/94238http://www.securitytracker.com/id/1037261