CVE-2016-7056 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Affected Products (NVD)

Vendor	Product	Version
openssl	openssl	𝑥 ≤ 1.0.1u
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	not-affected
precise	Fixed 1.0.1-4ubuntu5.39 released
trusty	Fixed 1.0.1f-1ubuntu2.22 released
xenial	not-affected
yakkety	not-affected
zesty	not-affected

openssl098

artful	dne
bionic	dne
cosmic	dne
disco	dne
precise	ignored
trusty	dne
xenial	dne
yakkety	dne
zesty	dne

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
CWE-320 -

References

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://www.securityfocus.com/bid/95375

http://www.securitytracker.com/id/1037575

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056

https://eprint.iacr.org/2016/1195

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html

https://seclists.org/oss-sec/2017/q1/52

https://security-tracker.debian.org/tracker/CVE-2016-7056

https://www.debian.org/security/2017/dsa-3773

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://www.securityfocus.com/bid/95375

http://www.securitytracker.com/id/1037575

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056

https://eprint.iacr.org/2016/1195

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html

https://seclists.org/oss-sec/2017/q1/52

https://security-tracker.debian.org/tracker/CVE-2016-7056

https://www.debian.org/security/2017/dsa-3773