CVE-2016-2217

Опубликовано: 01 фев. 2016

Источник: redhat

CVSS2: 4.3

Описание

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	socat	Not affected
Red Hat OpenShift Enterprise 2	socat	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-327

https://bugzilla.redhat.com/show_bug.cgi?id=1305437socat: Hard coded 1024 bit DH p parameter was not prime

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-2217

CVSS3: 5.3

ubuntu

около 9 лет назад

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CVE-2016-2217

CVSS3: 5.3

nvd

около 9 лет назад

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CVE-2016-2217

CVSS3: 5.3

debian

около 9 лет назад

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does ...

GHSA-x8h2-j222-xxr3

CVSS3: 5.3

github

больше 3 лет назад

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

4.3 Medium

CVSS2