VYPR
Critical severity 9.8 · OSV Advisory · Published Sep 26, 2016 · Updated Jun 17, 2026

CVE-2016-6309

Description

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

Affected products

2
  • BEFORE_engine, OpenSSL_0_9_1c, OpenSSL_0_9_2b, …+ 1 more
    • (no CPE) range: BEFORE_engine, OpenSSL_0_9_1c, OpenSSL_0_9_2b, …
    • (no CPE) range: = 1.1.0a

References

14
