Integer Overflow Vulnerability in OpenSSL Affects Multiple Products
CVE-2016-6303

9.8CRITICAL

Key Information:

Vendor: Nodejs
Status: Node.js
Vendor: CVE Published:; 16 September 2016

What is CVE-2016-6303?

The integer overflow vulnerability in the MDC2_Update function of OpenSSL can be exploited by remote attackers to execute out-of-bounds write operations. This could lead to a denial of service, causing the application to crash. The vulnerability impacts OpenSSL versions prior to 1.1.0, allowing attackers to exploit it through unknown vectors, putting systems at risk. System administrators are advised to update to the latest version to mitigate potential threats.

References

https://www.tenable.com/security/tns-2016-20

http://www.oracle.com/technetwork/security-advisory/cpuja...

https://kb.pulsesecure.net/articles/Pulse_Security_Adviso...

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2016
Vulnerability Reserved
Jul 26, 2016

Nodejs

What is CVE-2016-6303?

References

EPSS Score

CVSS V3.1

Timeline