CVE-2016-6303

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-6303
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6303.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-6303
Downstream
Related
Published
2016-09-16T05:59:13.363Z
Modified
2026-04-16T14:50:14.551845Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0ad4bbd94af535d9b70f64fff28652f23b05c403
Introduced
f9f837885343a2a3f5ba2b8c510eaac395c8c865
Fixed
57ca7390d03372b99d9cf8563c75a3895d93a6e6
Introduced
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Fixed
0a3ad92292505bebe6d3139c90d8ba79a7a00141
Database specific 
{
    "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.16"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.6.0"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.6.0"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.8
v0.12.9
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6303.json"

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
888759a1d38197f29de7227876c3b58fbff8549f
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Database specific 
{
    "cpe": [
        "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "last_affected": "1.0.1a"
        },
        {
            "last_affected": "1.0.1b"
        },
        {
            "last_affected": "1.0.1c"
        },
        {
            "last_affected": "1.0.1d"
        },
        {
            "last_affected": "1.0.1e"
        },
        {
            "last_affected": "1.0.1f"
        },
        {
            "last_affected": "1.0.1g"
        },
        {
            "last_affected": "1.0.1h"
        },
        {
            "last_affected": "1.0.1i"
        },
        {
            "last_affected": "1.0.1j"
        },
        {
            "last_affected": "1.0.1k"
        },
        {
            "last_affected": "1.0.1l"
        },
        {
            "last_affected": "1.0.1m"
        },
        {
            "last_affected": "1.0.1n"
        },
        {
            "last_affected": "1.0.1o"
        },
        {
            "last_affected": "1.0.1p"
        },
        {
            "last_affected": "1.0.1q"
        },
        {
            "last_affected": "1.0.1r"
        },
        {
            "last_affected": "1.0.1s"
        },
        {
            "last_affected": "1.0.1t"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "last_affected": "1.0.2a"
        },
        {
            "last_affected": "1.0.2b"
        },
        {
            "last_affected": "1.0.2c"
        },
        {
            "last_affected": "1.0.2d"
        },
        {
            "last_affected": "1.0.2e"
        },
        {
            "last_affected": "1.0.2f"
        },
        {
            "last_affected": "1.0.2g"
        },
        {
            "last_affected": "1.0.2h"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

Other
OpenSSL_1_0_1
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3
OpenSSL_1_0_1-post-auto-reformat
OpenSSL_1_0_1-post-reformat
OpenSSL_1_0_1-pre-auto-reformat
OpenSSL_1_0_1-pre-reformat
OpenSSL_1_0_1a
OpenSSL_1_0_1b
OpenSSL_1_0_1c
OpenSSL_1_0_1d
OpenSSL_1_0_1e
OpenSSL_1_0_1f
OpenSSL_1_0_1g
OpenSSL_1_0_1h
OpenSSL_1_0_1i
OpenSSL_1_0_1j
OpenSSL_1_0_1k
OpenSSL_1_0_1l
OpenSSL_1_0_1m
OpenSSL_1_0_1n
OpenSSL_1_0_1o
OpenSSL_1_0_1p
OpenSSL_1_0_1q
OpenSSL_1_0_1r
OpenSSL_1_0_1s
OpenSSL_1_0_1t
OpenSSL_1_0_1u
OpenSSL_1_0_2
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3
OpenSSL_1_0_2-post-auto-reformat
OpenSSL_1_0_2-post-reformat
OpenSSL_1_0_2-pre-auto-reformat
OpenSSL_1_0_2-pre-reformat
OpenSSL_1_0_2a
OpenSSL_1_0_2b
OpenSSL_1_0_2c
OpenSSL_1_0_2d
OpenSSL_1_0_2e
OpenSSL_1_0_2f
OpenSSL_1_0_2g
OpenSSL_1_0_2h
OpenSSL_1_0_2i
OpenSSL_1_0_2j
OpenSSL_1_0_2k
OpenSSL_1_0_2l
OpenSSL_1_0_2m
OpenSSL_1_0_2n
OpenSSL_1_0_2o
OpenSSL_1_0_2p
OpenSSL_1_0_2q
OpenSSL_1_0_2r
OpenSSL_1_0_2s
OpenSSL_1_0_2t
OpenSSL_1_0_2u

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6303.json"