CVE-2016-6303 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-6303 PUBLISHED

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

EPSS 28.00% · 96.4th percentile

Risk Scores

EPSS Score

28.00%

96.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	openssl	0, 1.0.2d-0ubuntu1, 1.0.2d-0ubuntu2
Ubuntu:14.04:LTS	openssl	1.0.1f-1ubuntu2.3, 1.0.1f-1ubuntu2.4, 1.0.1f-1ubuntu2.5

Timeline

CVE Published
May 25, 2017 PoC Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 20, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Dec 18, 2023 EPSS Score
Oct 9, 2024 PoC Published
Dec 12, 2024 PoC Published

References

https://ubuntu.com/security/CVE-2016-6303 third-party-advisory
https://www.openssl.org/news/secadv/20160922.txt third-party-advisory
https://ubuntu.com/security/notices/USN-3087-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-6303 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →