Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7744

Опубликовано: 20 янв. 2015
Источник: redhat
CVSS2: 2.6
EPSS Низкий

Описание

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5mysql55-mysqlNot affected
Red Hat Enterprise Linux 6mysqlNot affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)mariadb-galeraNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)mariadb-galeraNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)mariadb-galeraNot affected
Red Hat Software Collectionsmariadb55-mariadbNot affected
Red Hat Software Collectionsmysql55-mysqlNot affected
Red Hat Software Collectionsrh-mariadb100-mariadbNot affected
Red Hat Software Collectionsrh-mysql56-mysqlNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-358
https://bugzilla.redhat.com/show_bug.cgi?id=1301488wolfSSL: insufficient hardening of RSA-CRT implementation (Oracle MySQL CPU Jan 2016)

EPSS

Процентиль: 87%
0.03423
Низкий

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7744

CVSS3: 5.9
ubuntu
больше 9 лет назад

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

nvd логотип

CVE-2015-7744

CVSS3: 5.9
nvd
больше 9 лет назад

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

debian логотип

CVE-2015-7744

CVSS3: 5.9
debian
больше 9 лет назад

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...

github логотип

GHSA-f7wf-fgwg-64px

CVSS3: 5.9
github
больше 3 лет назад

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

fstec логотип

BDU:2016-00137

fstec
больше 9 лет назад

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ на чтение данных

EPSS

Процентиль: 87%
0.03423
Низкий

2.6 Low

CVSS2