PT-2017-9351 · Openssl+2 · Openssl+2

Boramao

Publicado

2016-10-13

Atualizado

2020-11-05

CVE-2016-7798

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions openssl gem for Ruby (affected versions not specified)

Description The issue arises when the initialization vector (IV) is set before the key in GCM Mode (aes-*-gcm), allowing context-dependent attackers to bypass the encryption protection mechanism. This makes it easier for attackers to exploit the situation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

CVE-2016-7798

DLA-1421-1

DSA-3966-1

GHSA-6H88-QJPV-P32M

MGASA-2016-0342

SUSE-SU-2020:1570-1

SUSE-SU-2020_1570-1

USN-3365-1

Produtos afetados

Suse

Ubuntu

Openssl

PT-2017-9351 · Openssl+2 · Openssl+2

CVE-2016-7798

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 121