OpenSSL (IBB): OOB write in MDC2_Update() (CVE-2016-6303)

ID H1:221785
Type hackerone
Reporter theyarestone
Modified 2017-05-25T01:32:28


An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.

The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.