VDB
ALPINE-CVE-2016-6304
ALPINE-CVE-2016-6304
PUBLISHED
CVSS 7.5 HIGH
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.6 | openssl | 1.0.1c-r3, 1.0.2f-r1, 0 |
| Alpine:v3.5 | openssl | 0.9.8i-r0, 1.0.2, 1.0.2 |
| Alpine:v3.4 | openssl | 1.0.2, 0, 0.9.8i-r0 |
| Alpine:v3.2 | openssl | 1.0.2, 1.0.2, 1.0.2 |
| Alpine:v3.8 | openssl | 1.0.0a-r0, 1.0.0-r0, 0.9.8m-r0 |
| Alpine:v3.7 | openssl | 1.0.1h-r0, 0.9.8l-r1, 0.9.8m-r0 |
| Alpine:v3.3 | openssl | 1.0.2, 1.0.2, 1.0.2 |
Timeline
- Sep 26, 2016 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch