CVE-2016-6225

EPSS 0.33%
Veröffentlicht 23.03.2017 16:59:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

NVD 10 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Percona ≫ Xtrabackup Version <= 2.3.5

Percona ≫ Xtrabackup Version2.4.0 Updaterc1

Percona ≫ Xtrabackup Version2.4.1

Percona ≫ Xtrabackup Version2.4.2

Percona ≫ Xtrabackup Version2.4.3

Percona ≫ Xtrabackup Version2.4.4

Opensuse ≫ Leap Version42.1

Opensuse ≫ Leap Version42.2

Fedoraproject ≫ Fedora Version24

Fedoraproject ≫ Fedora Version25

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.556

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html

Third Party Advisory

https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949

Patch

Third Party Advisory

Issue Tracking

https://github.com/percona/percona-xtrabackup/pull/266

Patch

Third Party Advisory

Issue Tracking