Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7055

Опубликовано: 04 мая 2017
Источник: nvd
CVSS3: 5.9
CVSS2: 2.6
EPSS Низкий

Описание

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия от 1.0.2 (включая) до 1.0.2k (исключая)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Версия от 1.1.0 (включая) до 1.1.0c (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 4.0.0 (включая) до 4.1.2 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 4.2.0 (включая) до 4.7.3 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 6.0.0 (включая) до 6.8.1 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 6.9.0 (включая) до 6.9.5 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 7.0.0 (включая) до 7.5.0 (исключая)

EPSS

Процентиль: 92%
0.09577
Низкий

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2016-7055

CVSS3: 5.9
ubuntu
около 8 лет назад

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clien...

redhat логотип

CVE-2016-7055

CVSS3: 3.7
redhat
больше 8 лет назад

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clien...

debian логотип

CVE-2016-7055

CVSS3: 5.9
debian
около 8 лет назад

There is a carry propagating bug in the Broadwell-specific Montgomery ...

github логотип

GHSA-hxpw-pxmm-q49r

CVSS3: 5.9
github
около 3 лет назад

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clien...

fstec логотип

BDU:2020-02907

CVSS3: 5.9
fstec
около 8 лет назад

Уязвимость реализации алгоритма умножения Монтгомери библиотеки OpenSSL, связанная с ошибкой управления ключами , позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 92%
0.09577
Низкий

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

NVD-CWE-noinfo