OpenSSL (IBB): OOB write in MDC2_Update() (CVE-2016-6303)

2017-04-18T07:33:24
ID H1:221785
Type hackerone
Reporter theyarestone
Modified 2017-05-25T01:32:28

Description

An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.

refer: https://www.openssl.org/news/secadv/20160922.txt