CVE-2016-0704

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-0704
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0704.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-0704
Related
Published
2016-03-02T11:59:01Z
Modified
2024-10-12T01:31:34.521636Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

References

Affected packages

Debian:11 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openssl/openssl

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_0_9_8
OpenSSL_0_9_8-beta1
OpenSSL_0_9_8-beta2
OpenSSL_0_9_8-beta4
OpenSSL_0_9_8-beta5
OpenSSL_0_9_8-beta6
OpenSSL_0_9_8-post-auto-reformat
OpenSSL_0_9_8-post-reformat
OpenSSL_0_9_8-pre-auto-reformat
OpenSSL_0_9_8-pre-reformat
OpenSSL_0_9_8a
OpenSSL_0_9_8b
OpenSSL_0_9_8c
OpenSSL_0_9_8d
OpenSSL_0_9_8e
OpenSSL_0_9_8h
OpenSSL_0_9_8i
OpenSSL_0_9_8j
OpenSSL_0_9_8m
OpenSSL_0_9_8m-beta1
OpenSSL_0_9_8n
OpenSSL_0_9_8o
OpenSSL_0_9_8p
OpenSSL_0_9_8q
OpenSSL_0_9_8r
OpenSSL_0_9_8s
OpenSSL_0_9_8t
OpenSSL_0_9_8u
OpenSSL_0_9_8v
OpenSSL_0_9_8w
OpenSSL_0_9_8x
OpenSSL_0_9_8y
OpenSSL_0_9_8za
OpenSSL_0_9_8zb
OpenSSL_0_9_8zc
OpenSSL_0_9_8zd
OpenSSL_0_9_8ze
OpenSSL_0_9_8zf
OpenSSL_0_9_8zg
OpenSSL_0_9_8zh
OpenSSL_1_0_0
OpenSSL_1_0_0-beta1
OpenSSL_1_0_0-beta2
OpenSSL_1_0_0-beta3
OpenSSL_1_0_0-beta4
OpenSSL_1_0_0-beta5
OpenSSL_1_0_0a
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3