Denial of Service (DoS) Vulnerability in OpenSSL DTLS (CVE-2016-2179)
Denial of Service (DoS) Vulnerability in OpenSSL's DTLS Implementation (CVE-2016-2179)
Summary
This vulnerability applies when DTLS functionality is enabled. No Buffalo NAS products have enabled the DTLS function of OpenSSL, and so no Buffalo Sytems are affected by this vulnerability.
Vulnerability ID | Vulnerability Overview |
---|---|
CVE-2016-2179 | The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. |
Affected Supported TeraStations
None
Date | Description |
3/10/2022 | Initial release |