Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-2178

Опубликовано: 20 июн. 2016
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 2.1
CVSS3: 5.5

Описание

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

РелизСтатусПримечание
artful

released

1.0.2g-1ubuntu9
bionic

released

1.0.2g-1ubuntu9
cosmic

released

1.0.2g-1ubuntu9
devel

released

1.0.2g-1ubuntu9
disco

released

1.0.2g-1ubuntu9
esm-infra-legacy/trusty

released

1.0.1f-1ubuntu2.20
esm-infra/bionic

released

1.0.2g-1ubuntu9
esm-infra/xenial

released

1.0.2g-1ubuntu4.4
precise

released

1.0.1-4ubuntu5.37
precise/esm

not-affected

1.0.1-4ubuntu5.37

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

ignored

end of standard support
trusty/esm

DNE

trusty was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 51%
0.00274
Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-2178

CVSS3: 5.1
redhat
больше 9 лет назад

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

nvd логотип

CVE-2016-2178

CVSS3: 5.5
nvd
больше 9 лет назад

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

debian логотип

CVE-2016-2178

CVSS3: 5.5
debian
больше 9 лет назад

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL throug ...

github логотип

GHSA-jhj7-8r7j-mjxf

CVSS3: 5.5
github
больше 3 лет назад

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

fstec логотип

BDU:2022-02558

CVSS3: 5.5
fstec
больше 9 лет назад

Уязвимость функции dsa_sign_setup библиотеки OpenSSL , связанная с раскрытием защищаемой информации, позволяющая нарушителю обойти криптографические механизмы защиты шифрования

EPSS

Процентиль: 51%
0.00274
Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3