VDB

CVE-2016-6303

CVE-2016-6303 PUBLISHED

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

EPSS 28.82% · 96.7th percentile

Risk Scores

EPSS Score
28.82%
96.7th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSopenssl0, 1.0.2d-0ubuntu2, 1.0.2e-1ubuntu1
Ubuntu:14.04:LTSopenssl1.0.1e-4ubuntu1, 1.0.1e-4ubuntu4, 1.0.1f-1ubuntu1

Timeline

  • CVE Published
  • May 25, 2017 PoC Published
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jul 8, 2023 EPSS Score
  • Aug 20, 2023 EPSS Score
  • Dec 18, 2023 EPSS Score
  • Oct 9, 2024 PoC Published
  • Dec 12, 2024 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›