CVE-2016-6303

CRITICAL

Node.js < 0.12.16 - Out-of-bounds Write in MDC2_Update

Description

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References (19)

Core References
Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1036885
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/92984
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1370146

Scores

CVSS v3 9.8
EPSS 0.2622
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (31)
nodejs/node.js < 0.12.16
openssl/openssl 1.0.1
openssl/openssl 1.0.1a
openssl/openssl 1.0.1b
openssl/openssl 1.0.1c
openssl/openssl 1.0.1d
openssl/openssl 1.0.1e
openssl/openssl 1.0.1f
openssl/openssl 1.0.1g
openssl/openssl 1.0.1h
... and 21 more
Published Sep 16, 2016
Tracked Since Feb 18, 2026