Severity: Unknown
Affected Package: openssl
Summary: Excessive CPU consumption from undefined SSL/TLS alert messages
Due to improper handling of alert packets (the 'SSL Death Alert' issue), OpenSSL would consume an excessive amount of CPU processing undefined/warning alert messages. A remote attacker could send crafted plaintext ALERT packets to drive a TLS/SSL server to full CPU usage, causing denial of service. Patched in the 0.8.4 release.
No specific recommendations provided.
Aliases: CVE-2016-8610
Published: November 05, 2016
Last Modified: November 05, 2016