CVE-2016-7798

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-7798
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7798.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7798
Aliases
Downstream
Related
Published
2017-01-30T22:59:00.747Z
Modified
2025-11-14T04:51:15.017738Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

References

Affected packages

Git / github.com/ruby/openssl

Affected ranges

Type
GIT
Repo
https://github.com/ruby/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8108e0a6db133f3375608303fdd2083eb5115062

Affected versions

v2.*

v2.0.0.beta.1
v2.0.0.beta.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-0273a448",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 555.0,
            "function_hash": "18836833283231560844724073730829986290"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_cipher_initialize",
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-3f0883d4",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 1827.0,
            "function_hash": "119251954816265579831480709042123290132"
        },
        "signature_version": "v1",
        "target": {
            "function": "Init_ossl_cipher",
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-3f753bcc",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 953.0,
            "function_hash": "97745084328378698433793456802924644289"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_cipher_pkcs5_keyivgen",
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-6f8c10c2",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 826.0,
            "function_hash": "24065403867100165975165287948377577072"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_cipher_update",
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-86ad5f31",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 1205.0,
            "function_hash": "134827275998405474457279400591891368564"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_cipher_init",
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2016-7798-b4b5714f",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "line_hashes": [
                "284585775078716318004365018978382110472",
                "5365017270049154351363641420850474801",
                "16305382426517432422657327091401525929",
                "45775236435836750032013955384362448794",
                "320898416230421948790894359680959822504",
                "233218199029811107687397305128374648153",
                "174365936403433892041030928945825510933",
                "245662856679087629139578563929946069546",
                "76602010387779961979775043636728469453",
                "61739202877602274549608564427681449652",
                "245675679155293234987569825675038787823",
                "244762464075265980262547110664038213642",
                "177500537116465791592083329812154464276",
                "290051772895464098146318870571603871847",
                "241899318239519525257244678910703344708",
                "12416997827316531595897596689505104204",
                "321643682912275299927425285911928048629",
                "120948984238574514692622200225975649504",
                "231909222775174977084090478227193463499",
                "37973962927976103226260129785782099491",
                "272509562096133768158234272756950863040",
                "217090316981509586516234878214595051749",
                "116711954544507703641914481499165266556",
                "131847170257812238423551080980995337222",
                "40641891737914228294330439304346334986",
                "297673390402046217904672312803784686712"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "ext/openssl/ossl_cipher.c"
        }
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7798-d7100c6b",
        "source": "https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062",
        "digest": {
            "length": 394.0,
            "function_hash": "329745586785318989411528529045439739679"
        },
        "signature_version": "v1",
        "target": {
            "function": "ossl_cipher_set_key",
            "file": "ext/openssl/ossl_cipher.c"
        }
    }
]