ByteOS Network

CVE Vulnerability Details :

CVE-2016-7056

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-10 Sep, 2018 | 16:00

Updated At-06 Aug, 2024 | 01:50

▼CVE Numbering Authority (CNA)

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Affected Products

Vendor

OpenSSL

Product

openssl

Versions

Affected

openssl 1.0.1u

Problem Types

Type	CWE ID	Description
CWE	CWE-385	CWE-385

Type: CWE

CWE ID: CWE-385

Description: CWE-385

Metrics

Version	Base score	Base severity	Vector
3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Hyperlink	Resource
https://eprint.iacr.org/2016/1195	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory x_refsource_REDHAT
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory x_refsource_REDHAT
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037575	vdb-entry x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory x_refsource_REDHAT
https://seclists.org/oss-sec/2017/q1/52	mailing-list x_refsource_MLIST
https://www.debian.org/security/2017/dsa-3773	vendor-advisory x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056	x_refsource_CONFIRM
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/95375	vdb-entry x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory x_refsource_REDHAT
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig	x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2016-7056	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory x_refsource_REDHAT

Hyperlink: https://eprint.iacr.org/2016/1195

Resource:

x_refsource_MISC

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1801

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1413

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securitytracker.com/id/1037575

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1414

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://seclists.org/oss-sec/2017/q1/52

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://www.debian.org/security/2017/dsa-3773

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056

Resource:

x_refsource_CONFIRM

Hyperlink: https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/95375

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://rhn.redhat.com/errata/RHSA-2017-1415.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

Resource:

x_refsource_CONFIRM

Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-7056

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2017:1802

Resource:

vendor-advisory

x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://eprint.iacr.org/2016/1195	x_refsource_MISC x_transferred
https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory x_refsource_REDHAT x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory x_refsource_REDHAT x_transferred
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1037575	vdb-entry x_refsource_SECTRACK x_transferred
https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory x_refsource_REDHAT x_transferred
https://seclists.org/oss-sec/2017/q1/52	mailing-list x_refsource_MLIST x_transferred
https://www.debian.org/security/2017/dsa-3773	vendor-advisory x_refsource_DEBIAN x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056	x_refsource_CONFIRM x_transferred
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/95375	vdb-entry x_refsource_BID x_transferred
http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory x_refsource_REDHAT x_transferred
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig	x_refsource_CONFIRM x_transferred
https://security-tracker.debian.org/tracker/CVE-2016-7056	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory x_refsource_REDHAT x_transferred