CVE-2016-6303 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-30 | lib32-openssl | 1:1.0.2.h-1 | 1:1.0.2.i-1 | High | Fixed | |
| AVG-29 | openssl | 1.0.2.h-1 | 1.0.2.i-1 | High | Fixed | FS#49616 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |
| References |
|---|
https://www.openssl.org/news/secadv/20160922.txt |