#VU815 Denial of service in OpenSSL and Oracle VM VirtualBox - CVE-2016-6303
Published: October 10, 2016 / Updated: January 5, 2017
Vulnerability identifier: #VU815
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6303
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OpenSSL
Oracle VM VirtualBox
Software vendor:
OpenSSL Software Foundation
Oracle
Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is caused by an integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c'. By supplying large amounts of input data, attackers are able to trigger an error in the input length validation that leads to a crash of the affected service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
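The description above names the general pattern behind this class of bug: a block-buffered hash update routine checks whether new input still fits in its partial-block buffer, and an unsigned addition in that check can wrap for very large lengths, so the input is wrongly treated as "fits" and copied past the buffer (CWE-122). The following is an added illustration written for this entry, not OpenSSL's code and not a reproduction of the actual MDC2_Update() defect: `demo_ctx`, `check_fits_unsafe`, `check_fits_safe` and `demo_update` are constructed names, and `BLOCK` is set to 8 here as an assumption for the demo. It puts the wrap-prone comparison beside the subtraction form that cannot wrap, and shows a small update routine built on the safe form.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BLOCK 8u   /* assumed block size for this demo */

/* Constructed context: a partial block buffer plus a counter of
 * full blocks "compressed" so far (the real compression step is
 * irrelevant to the length-accounting point and is omitted). */
typedef struct {
    unsigned int  num;          /* bytes currently buffered, always < BLOCK */
    unsigned char data[BLOCK];
    size_t        blocks_done;
} demo_ctx;

/* Wrap-prone form: num is promoted to size_t and added to len.
 * For len close to SIZE_MAX the sum wraps to a small value, so the
 * check answers "fits" and a following memcpy would overrun data[]. */
static int check_fits_unsafe(unsigned int num, size_t len)
{
    return (num + len) < BLOCK;
}

/* Safe form: since num < BLOCK is an invariant, BLOCK - num is in
 * 1..BLOCK and cannot underflow, and no addition involving the
 * attacker-controlled len takes place, so nothing can wrap. */
static int check_fits_safe(unsigned int num, size_t len)
{
    return len < (size_t)(BLOCK - num);
}

/* Block-buffered update using the safe check.  Returns the number
 * of full blocks processed so far (constructed behaviour for the demo). */
static size_t demo_update(demo_ctx *c, const unsigned char *in, size_t len)
{
    if (len == 0)
        return c->blocks_done;

    if (check_fits_safe(c->num, len)) {        /* everything fits in the buffer */
        memcpy(&c->data[c->num], in, len);
        c->num += (unsigned int)len;
        return c->blocks_done;
    }

    if (c->num != 0) {                          /* top up and flush the partial block */
        size_t take = BLOCK - c->num;           /* take <= len is guaranteed here */
        memcpy(&c->data[c->num], in, take);
        in  += take;
        len -= take;
        c->blocks_done++;
        c->num = 0;
    }

    while (len >= BLOCK) {                      /* whole blocks straight from input */
        c->blocks_done++;
        in  += BLOCK;
        len -= BLOCK;
    }

    memcpy(c->data, in, len);                   /* remainder buffered, len < BLOCK */
    c->num = (unsigned int)len;
    return c->blocks_done;
}

/* Self-check: returns 1 when the two predicates disagree on a huge
 * length exactly as described and the update routine counts blocks
 * correctly, 0 otherwise. */
static int run_demo(void)
{
    unsigned char buf[32];
    demo_ctx c;
    memset(buf, 0xAB, sizeof buf);
    memset(&c, 0, sizeof c);

    if (check_fits_unsafe(3, SIZE_MAX) != 1) return 0;   /* wraps: wrongly "fits" */
    if (check_fits_safe(3, SIZE_MAX)   != 0) return 0;   /* correctly rejected */
    if (demo_update(&c, buf, 5)  != 0 || c.num != 5) return 0;
    if (demo_update(&c, buf, 12) != 2 || c.num != 1) return 0;
    return 1;
}

int main(void)
{
    printf("unsafe check, num=3, len=SIZE_MAX: %d (1 means wrapped)\n",
           check_fits_unsafe(3, SIZE_MAX));
    printf("safe check,   num=3, len=SIZE_MAX: %d\n", check_fits_safe(3, SIZE_MAX));
    printf("demo self-check: %s\n", run_demo() ? "ok" : "FAILED");
    return 0;
}
```

The practical takeaway for reviewing this kind of code is that a bounds check should never add an attacker-controlled length to anything; compare the length against the remaining room (a value bounded by the buffer size) instead, as `check_fits_safe` does.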
Remediation
Update 1.0.2 to version 1.0.2i.
Update 1.0.1 to version 1.0.1u.