9.8

CVE-2016-6303

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

Data is provided by the National Vulnerability Database (NVD)
NodejsNode.Js Version < 0.12.16
NodejsNode.Js Version >= 4.0.0 < 4.6.0
NodejsNode.Js Version >= 6.0.0 < 6.6.0
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.1s
OpenSSLOpenSSL Version1.0.1t
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
OpenSSLOpenSSL Version1.0.2g
OpenSSLOpenSSL Version1.0.2h
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 32.88% 0.967
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1036885
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/92984
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1370146
Patch
Third Party Advisory
Issue Tracking