Advisory ID: 12760

Release date: 20160926

Last Updated: 20160926

Issue Severity: None

Source

Source: openssl.org

Release date: 20160922

CVSS v2 Base Score: Low

Problem Description

An overflow can occur in MDC2_Update(), either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block, then a length check can overflow, resulting in heap corruption. The amount of data needed is comparable to SIZE_MAX, which is impractical on most platforms.
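The wrapping length check described above, modeled in C as an added example (not OpenSSL's or FoxT's code), with the weak form beside a corrected one. The function names, the 8-byte BLOCK_SIZE and the sample lengths are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a digest that stages a partial block before processing it.
 * BLOCK_SIZE and all names here are assumptions for illustration. */
#define BLOCK_SIZE 8u

typedef int (*fits_fn)(size_t have, size_t len);

/* Weak check: have + len is computed in size_t and wraps past SIZE_MAX,
 * so a huge len can make the sum look smaller than one block. */
static int fits_wrapping(size_t have, size_t len)
{
    return have + len < BLOCK_SIZE;
}

/* Corrected check: have < BLOCK_SIZE is an invariant of the staging
 * buffer, so BLOCK_SIZE - have cannot underflow and nothing is added. */
static int fits_checked(size_t have, size_t len)
{
    return len < BLOCK_SIZE - have;
}

/* Number of bytes this model's update step would copy into the staging
 * buffer at offset `have`. More than BLOCK_SIZE - have overruns it. */
static size_t bytes_staged(fits_fn fits, size_t have, size_t len)
{
    if (fits(have, len))
        return len;               /* "all of it fits": copy len bytes   */
    return BLOCK_SIZE - have;     /* otherwise only top up to one block */
}

int main(void)
{
    size_t have = 4;              /* constructed: 4 bytes already staged */
    size_t len = SIZE_MAX - 2;    /* constructed: length near SIZE_MAX   */

    printf("room left in buffer  : %zu\n", (size_t)BLOCK_SIZE - have);
    printf("wrapping check copies: %zu\n", bytes_staged(fits_wrapping, have, len));
    printf("checked form copies  : %zu\n", bytes_staged(fits_checked, have, len));
    return 0;
}
```

Both checks agree for ordinary lengths; they diverge only when `have + len` exceeds SIZE_MAX, which is why the input size needed is comparable to SIZE_MAX.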

Impact

None.

Affected Products

None - no FoxT products use the MDC2 digest algorithm.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory

Last Modified On: April 16, 2019