CVE-2016-7798

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7798
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7798.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7798
Aliases
Downstream
Related
Published
2017-01-30T22:59:00Z
Modified
2025-09-16T06:28:23.338993Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

References

Affected packages

Debian:11 / ruby-attr-encrypted

Package

Name
ruby-attr-encrypted
Purl
pkg:deb/debian/ruby-attr-encrypted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-attr-encrypted

Package

Name
ruby-attr-encrypted
Purl
pkg:deb/debian/ruby-attr-encrypted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-attr-encrypted

Package

Name
ruby-attr-encrypted
Purl
pkg:deb/debian/ruby-attr-encrypted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / ruby-attr-encrypted

Package

Name
ruby-attr-encrypted
Purl
pkg:deb/debian/ruby-attr-encrypted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / ruby-encryptor

Package

Name
ruby-encryptor
Purl
pkg:deb/debian/ruby-encryptor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-encryptor

Package

Name
ruby-encryptor
Purl
pkg:deb/debian/ruby-encryptor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-encryptor

Package

Name
ruby-encryptor
Purl
pkg:deb/debian/ruby-encryptor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / ruby-encryptor

Package

Name
ruby-encryptor
Purl
pkg:deb/debian/ruby-encryptor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/ruby/openssl

Affected ranges

Type
GIT
Repo
https://github.com/ruby/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8108e0a6db133f3375608303fdd2083eb5115062

Affected versions

v2.*

v2.0.0.beta.1
v2.0.0.beta.2

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "18836833283231560844724073730829986290",
                "length": 555.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-0273a448",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "ossl_cipher_initialize",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "function_hash": "119251954816265579831480709042123290132",
                "length": 1827.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-3f0883d4",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "Init_ossl_cipher",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "function_hash": "97745084328378698433793456802924644289",
                "length": 953.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-3f753bcc",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "ossl_cipher_pkcs5_keyivgen",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "function_hash": "24065403867100165975165287948377577072",
                "length": 826.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-6f8c10c2",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "ossl_cipher_update",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "function_hash": "134827275998405474457279400591891368564",
                "length": 1205.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-86ad5f31",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "ossl_cipher_init",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "line_hashes": [
                    "284585775078716318004365018978382110472",
                    "5365017270049154351363641420850474801",
                    "16305382426517432422657327091401525929",
                    "45775236435836750032013955384362448794",
                    "320898416230421948790894359680959822504",
                    "233218199029811107687397305128374648153",
                    "174365936403433892041030928945825510933",
                    "245662856679087629139578563929946069546",
                    "76602010387779961979775043636728469453",
                    "61739202877602274549608564427681449652",
                    "245675679155293234987569825675038787823",
                    "244762464075265980262547110664038213642",
                    "177500537116465791592083329812154464276",
                    "290051772895464098146318870571603871847",
                    "241899318239519525257244678910703344708",
                    "12416997827316531595897596689505104204",
                    "321643682912275299927425285911928048629",
                    "120948984238574514692622200225975649504",
                    "231909222775174977084090478227193463499",
                    "37973962927976103226260129785782099491",
                    "272509562096133768158234272756950863040",
                    "217090316981509586516234878214595051749",
                    "116711954544507703641914481499165266556",
                    "131847170257812238423551080980995337222",
                    "40641891737914228294330439304346334986",
                    "297673390402046217904672312803784686712"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-b4b5714f",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "function_hash": "329745586785318989411528529045439739679",
                "length": 394.0
            },
            "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
            "id": "CVE-2016-7798-d7100c6b",
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "function": "ossl_cipher_set_key",
                "file": "ext/openssl/ossl_cipher.c"
            },
            "signature_type": "Function"
        }
    ]
}