CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

公開: 2017-11-13 最後更新: 2026-06-16 指派方: [email protected] 來源: [email protected]

結論預警: CVE-2016-8610 綜合評估為中等風險(59.5/100):CVSS 技術影響為高級,利用機率偏高(EPSS 39.66%,百分位 98%) 核心證據: EPSS 顯示該漏洞近期被利用的可能性處於高位。 強制指令: 被利用機率偏高—請盤點暴露面並優先安排修補。

風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。

CVE-2016-8610 的 EPSS(利用預測評分)

EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。

# 日期 舊 EPSS 分數 新 EPSS 分數 變化(新 − 舊)
1 2026-06-15 71.36% 39.66% -31.70%
2 2026-05-23 71.13% 71.36% +0.23%
3 2026-01-23 71.13%

完整 EPSS 歷史 (共 36 筆)

CVE-2016-8610 的 CVSS 指標

該 CVE 的 CVSS 指標。

底座分 版本 嚴重度 向量 可利用性 影響 分數來源
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 點擊展開
攻擊向量 (AV:N)
可經網際網路或企業內可路由網段從遠端觸達,攻擊者不必在裝置旁邊。
攻擊複雜度 (AC:L)
前置條件清楚,成功路徑穩定,不必仰賴罕見競態或極端環境。
權限需求 (PR:N)
不必事先登入或提權,匿名工作階段也可能成為跳板。
使用者互動 (UI:N)
不必受害者點連結、放行巨集或安裝軟體,攻擊鏈可自動走完。
作用域 (S:U)
破壞局限在脆弱元件原本的安全權限與信任域之內。
機密性影響 (C:N)
幾乎談不上實質的敏感資料外洩。
完整性影響 (I:N)
對紀錄真實性與不可否認性的破壞可忽略。
可用性影響 (A:H)
可造成長時間中斷、關鍵交易無法完成,或伴隨資料毀損導致難以自癒。
3.9 3.6 [email protected]
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P 點擊展開
存取路徑 (AV:N)
只要路由可達,即可從遠端發動利用。
存取複雜度 (AC:L)
步驟短、路徑清楚,重現成本低。
認證 (AU:N)
全程無需有效身分。
機密性影響 (C:N)
對機密性無影響。
完整性影響 (I:N)
對完整性無影響。
可用性影響 (A:P)
可用性受到部分損害。
10.0 2.9 [email protected]

CVE-2016-8610 的弱點列舉

CVE-2016-8610 的 OS 追蹤

vendor priority summary link
debian not yet assigned CVE-2016-8610 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2016-8610
redhat medium https://access.redhat.com/security/cve/CVE-2016-8610
suse high CVE-2016-8610 severity important: SUSE including 429 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 787 product×package rows across 98 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-SAP-BYOS, … (98 product lines)): Fixed 410, Known Not Affected 220, Known Affected 157. https://www.suse.com/security/cve/CVE-2016-8610/
ubuntu low CVE-2016-8610 low priority: Ubuntu including 4 source packages (gnutls26, gnutls28, openssl, openssl098), 40 status rows across 10 suites (artful, bionic, cosmic, disco, precise, trusty, upstream, xenial, yakkety, zesty): DNE 16, released 13, not-affected 5, needs-triage 4, ignored 2. https://ubuntu.com/security/CVE-2016-8610

CVE-2016-8610 的影響軟體 / 設定

廠商 產品 版本 原始 CPE
openssl openssl >= 1.0.2, <= 1.0.2h cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl 0.9.8 cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
openssl openssl 1.0.1 cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
openssl openssl 1.1.0 cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
debian debian_linux 8.0 cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.5 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
redhat jboss_enterprise_application_platform 6.0.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
redhat jboss_enterprise_application_platform 6.4.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
netapp cn1610_firmware cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
netapp clustered_data_ontap_antivirus_connector cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
netapp data_ontap cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
netapp data_ontap_edge cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
netapp e-series_santricity_os_controller >= 11.0, <= 11.40 cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp host_agent cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*
netapp oncommand_balance cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
netapp oncommand_unified_manager cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
netapp oncommand_workflow_automation cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netapp ontap_select_deploy cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*
netapp service_processor cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
netapp smi-s_provider cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
netapp snapcenter_server cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
netapp snapdrive cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
netapp storagegrid cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
netapp storagegrid_webscale cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*
netapp clustered_data_ontap cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
paloaltonetworks pan-os <= 6.1.17 cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
paloaltonetworks pan-os >= 7.0.0, <= 7.0.15 cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
paloaltonetworks pan-os >= 7.1.0, <= 7.1.10 cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
oracle adaptive_access_manager 11.1.2.3.0 cpe:2.3:a:oracle:adaptive_access_manager:11.1.2.3.0:*:*:*:*:*:*:*
oracle application_testing_suite 13.3.0.1 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oracle communications_analytics 12.1.1 cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
oracle communications_ip_service_activator 7.3.4 cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*
oracle communications_ip_service_activator 7.4.0 cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
oracle core_rdbms 11.2.0.4 cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*
oracle core_rdbms 12.1.0.2 cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*
oracle core_rdbms 12.2.0.1 cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*
oracle core_rdbms 18c cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*
oracle core_rdbms 19c cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.3.3 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.4.0 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
oracle goldengate_application_adapters 12.3.2.1.0 cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools 9.2 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.56 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle retail_predictive_application_server 15.0.3 cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
oracle retail_predictive_application_server 16.0.3 cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*
oracle timesten_in-memory_database < 18.1.4.1.0 cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
oracle weblogic_server 10.3.6.0.0 cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
oracle weblogic_server 12.1.3.0.0 cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.4.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
fujitsu m10-1_firmware < xcp2361 cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
fujitsu m10-1_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
fujitsu m10-4_firmware < xcp2361 cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
fujitsu m10-4_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
fujitsu m10-4s_firmware < xcp2361 cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
fujitsu m10-4s_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
fujitsu m12-1_firmware < xcp2361 cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
fujitsu m12-1_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
fujitsu m12-2_firmware < xcp2361 cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
fujitsu m12-2_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
fujitsu m12-2s_firmware < xcp2361 cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
fujitsu m12-2s_firmware >= xcp3000, < xcp3070 cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*

CVE-2016-8610 的參考連結

URL 標籤
http://rhn.redhat.com/errata/RHSA-2017-0286.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0574.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1415.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1659.html Third Party Advisory
http://seclists.org/oss-sec/2016/q4/224 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/93841 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037084 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1413 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1414 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1658 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1801 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1802 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2493 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2494 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 Issue Tracking Patch Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 Broken Link
https://security.360.cn/cve/CVE-2016-8610/ Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc Third Party Advisory
https://security.netapp.com/advisory/ntap-20171130-0001/ Third Party Advisory
https://security.paloaltonetworks.com/CVE-2016-8610 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us Third Party Advisory
https://www.debian.org/security/2017/dsa-3773 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Patch Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch Third Party Advisory
cvelogic Threat Intelligence