Nodejs » Node.js : Security Vulnerabilities, CVEs, Published In September 2016 (Denial of service)

CVE-2016-6303

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
28.94%
Published
2016-09-16
Updated
2023-02-12

CVE-2016-6304

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Max CVSS
7.8
EPSS Score
45.85%
Published
2016-09-26
Updated
2022-12-13

CVE-2016-6306

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Max CVSS
5.9
EPSS Score
25.94%
Published
2016-09-26
Updated
2022-12-13

CVE-2016-7052

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Max CVSS
7.5
EPSS Score
42.75%
Published
2016-09-26
Updated
2022-08-16
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close