CVE-2016-6303
critical-risk
Published 2016-09-16
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Do I need to act?
28.8% chance of exploitation in next 30 days
EPSS score — higher than 71% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 0ad4bbd94af535d9b70f64fff28652f23b05c403, 57ca7390d03372b99d9cf8563c75a3895d93a6e6, 0a3ad92292505bebe6d3139c90d8ba79a7a00141
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (20)
References (38)
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Third Party Advisory
http://www.securityfocus.com/bid/92984
Third Party Advisory
http://www.securitytracker.com/id/1036885
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1370146
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Third Party Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Third Party Advisory
https://www.tenable.com/security/tns-2016-16
Third Party Advisory
https://www.tenable.com/security/tns-2016-20
Third Party Advisory
https://www.tenable.com/security/tns-2016-21
and 18 more references
70 / 100
critical-risk
Severity
32/34 · Critical
Exploitability
15/34 · Moderate
Exposure
23/34 · High