5.5

CVE-2016-7056

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 1.0.1u
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.437
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

http://rhn.redhat.com/errata/RHSA-2017-1415.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1413
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1414
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1802
Third Party Advisory
https://www.debian.org/security/2017/dsa-3773
Third Party Advisory
http://www.securityfocus.com/bid/95375
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037575
Patch
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056
Patch
Third Party Advisory
Issue Tracking
https://eprint.iacr.org/2016/1195
Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig
Patch
Third Party Advisory
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
Patch
Third Party Advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html
Patch
Third Party Advisory
https://seclists.org/oss-sec/2017/q1/52
Third Party Advisory
Mailing List
https://security-tracker.debian.org/tracker/CVE-2016-7056
Patch
Third Party Advisory
VDB Entry