CVE-2016-6303 - log

CVE-2016-6303 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
+ The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
References
+ https://www.openssl.org/news/secadv/20160922.txt
Notes