CVE-2016-6303 log

Source
Severity Low
Remote Yes
Type Arbitrary code execution
Description
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
Group Package Affected Fixed Severity Status Ticket
AVG-30 lib32-openssl 1:1.0.2.h-1 1:1.0.2.i-1 High Fixed
AVG-29 openssl 1.0.2.h-1 1.0.2.i-1 High Fixed FS#49616
Date Advisory Group Package Severity Description
26 Sep 2016 ASA-201609-24 AVG-30 lib32-openssl High multiple issues
26 Sep 2016 ASA-201609-23 AVG-29 openssl High multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt