CVE-2016-0704

Source
https://cve.org/CVERecord?id=CVE-2016-0704
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0704.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-0704
Downstream
Related
Published
2016-03-02T11:59:01.363Z
Modified
2026-07-07T08:45:20.346267737Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.8ze"
        },
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.0.0"
        },
        {
            "introduced": "1.0.0a"
        },
        {
            "last_affected": "1.0.0a"
        },
        {
            "introduced": "1.0.0b"
        },
        {
            "last_affected": "1.0.0b"
        },
        {
            "introduced": "1.0.0c"
        },
        {
            "last_affected": "1.0.0c"
        },
        {
            "introduced": "1.0.0d"
        },
        {
            "last_affected": "1.0.0d"
        },
        {
            "introduced": "1.0.0e"
        },
        {
            "last_affected": "1.0.0e"
        },
        {
            "introduced": "1.0.0f"
        },
        {
            "last_affected": "1.0.0f"
        },
        {
            "introduced": "1.0.0g"
        },
        {
            "last_affected": "1.0.0g"
        },
        {
            "introduced": "1.0.0h"
        },
        {
            "last_affected": "1.0.0h"
        },
        {
            "introduced": "1.0.0i"
        },
        {
            "last_affected": "1.0.0i"
        },
        {
            "introduced": "1.0.0j"
        },
        {
            "last_affected": "1.0.0j"
        },
        {
            "introduced": "1.0.0k"
        },
        {
            "last_affected": "1.0.0k"
        },
        {
            "introduced": "1.0.0l"
        },
        {
            "last_affected": "1.0.0l"
        },
        {
            "introduced": "1.0.0m"
        },
        {
            "last_affected": "1.0.0m"
        },
        {
            "introduced": "1.0.0n"
        },
        {
            "last_affected": "1.0.0n"
        },
        {
            "introduced": "1.0.0o"
        },
        {
            "last_affected": "1.0.0o"
        },
        {
            "introduced": "1.0.0p"
        },
        {
            "last_affected": "1.0.0p"
        },
        {
            "introduced": "1.0.0q"
        },
        {
            "last_affected": "1.0.0q"
        },
        {
            "introduced": "1.0.0-beta1"
        },
        {
            "last_affected": "1.0.0-beta1"
        },
        {
            "introduced": "1.0.0-beta2"
        },
        {
            "last_affected": "1.0.0-beta2"
        },
        {
            "introduced": "1.0.0-beta3"
        },
        {
            "last_affected": "1.0.0-beta3"
        },
        {
            "introduced": "1.0.0-beta4"
        },
        {
            "last_affected": "1.0.0-beta4"
        },
        {
            "introduced": "1.0.0-beta5"
        },
        {
            "last_affected": "1.0.0-beta5"
        },
        {
            "introduced": "1.0.1"
        },
        {
            "last_affected": "1.0.1"
        },
        {
            "introduced": "1.0.1a"
        },
        {
            "last_affected": "1.0.1a"
        },
        {
            "introduced": "1.0.1b"
        },
        {
            "last_affected": "1.0.1b"
        },
        {
            "introduced": "1.0.1c"
        },
        {
            "last_affected": "1.0.1c"
        },
        {
            "introduced": "1.0.1d"
        },
        {
            "last_affected": "1.0.1d"
        },
        {
            "introduced": "1.0.1e"
        },
        {
            "last_affected": "1.0.1e"
        },
        {
            "introduced": "1.0.1f"
        },
        {
            "last_affected": "1.0.1f"
        },
        {
            "introduced": "1.0.1g"
        },
        {
            "last_affected": "1.0.1g"
        },
        {
            "introduced": "1.0.1h"
        },
        {
            "last_affected": "1.0.1h"
        },
        {
            "introduced": "1.0.1i"
        },
        {
            "last_affected": "1.0.1i"
        },
        {
            "introduced": "1.0.1j"
        },
        {
            "last_affected": "1.0.1j"
        },
        {
            "introduced": "1.0.1k"
        },
        {
            "last_affected": "1.0.1k"
        },
        {
            "introduced": "1.0.1l"
        },
        {
            "last_affected": "1.0.1l"
        },
        {
            "introduced": "1.0.1-beta1"
        },
        {
            "last_affected": "1.0.1-beta1"
        },
        {
            "introduced": "1.0.1-beta2"
        },
        {
            "last_affected": "1.0.1-beta2"
        },
        {
            "introduced": "1.0.1-beta3"
        },
        {
            "last_affected": "1.0.1-beta3"
        },
        {
            "introduced": "1.0.2"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "introduced": "1.0.2-beta1"
        },
        {
            "last_affected": "1.0.2-beta1"
        },
        {
            "introduced": "1.0.2-beta2"
        },
        {
            "last_affected": "1.0.2-beta2"
        },
        {
            "introduced": "1.0.2-beta3"
        },
        {
            "last_affected": "1.0.2-beta3"
        }
    ],
    "cpe": [
        "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*"
    ]
}

Affected versions

1.*
1.0.0
1.0.0-beta1
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.1
1.0.1-beta1
1.0.1-beta2
1.0.1-beta3
1.0.2
1.0.2-beta1
1.0.2-beta2
1.0.2-beta3
Other
OpenSSL_0_9_8
OpenSSL_0_9_8-beta1
OpenSSL_0_9_8-beta2
OpenSSL_0_9_8-beta4
OpenSSL_0_9_8-beta5
OpenSSL_0_9_8-beta6
OpenSSL_0_9_8-post-auto-reformat
OpenSSL_0_9_8-post-reformat
OpenSSL_0_9_8-pre-auto-reformat
OpenSSL_0_9_8-pre-reformat
OpenSSL_0_9_8a
OpenSSL_0_9_8b
OpenSSL_0_9_8c
OpenSSL_0_9_8d
OpenSSL_0_9_8e
OpenSSL_0_9_8h
OpenSSL_0_9_8i
OpenSSL_0_9_8j
OpenSSL_0_9_8m
OpenSSL_0_9_8m-beta1
OpenSSL_0_9_8n
OpenSSL_0_9_8o
OpenSSL_0_9_8p
OpenSSL_0_9_8q
OpenSSL_0_9_8r
OpenSSL_0_9_8s
OpenSSL_0_9_8t
OpenSSL_0_9_8u
OpenSSL_0_9_8v
OpenSSL_0_9_8w
OpenSSL_0_9_8x
OpenSSL_0_9_8y
OpenSSL_0_9_8za
OpenSSL_0_9_8zb
OpenSSL_0_9_8zc
OpenSSL_0_9_8zd
OpenSSL_0_9_8ze
OpenSSL_0_9_8zf
OpenSSL_0_9_8zg
OpenSSL_0_9_8zh
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0704.json"