Category Archives: Checkpoint

Checkpoint

OpenSSL SSL3_AL_WARNING Denial of Service (CVE-2016-8610)

A denial-of-service vulnerability exists in OpenSSL. The vulnerability, AKA SSL Death Alert, is due to improper handling of warning packets by the function ssl3_read_bytes(). A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending SSL Alert Warning records during the handshake. Successful exploitation will cause the excessive resource consumption on the server.