CVE-2016-7056 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Vendor	Product	Version
openssl	openssl	𝑥 ≤ 1.0.1u
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openssl

bullseye	1.1.1w-0+deb11u1 fixed
bullseye (security)	1.1.1w-0+deb11u2 fixed
bookworm	3.0.14-1~deb12u1 fixed
bookworm (security)	3.0.14-1~deb12u2 fixed
sid	3.3.2-2 fixed
trixie	3.3.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	not-affected
xenial	not-affected
trusty	Fixed 1.0.1f-1ubuntu2.22 released
precise	Fixed 1.0.1-4ubuntu5.39 released

openssl098

disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	dne
trusty	dne
precise	ignored

Common Weakness Enumeration

CWE-385 - Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
CWE-320 -

References

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://www.securityfocus.com/bid/95375

http://www.securitytracker.com/id/1037575

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056

https://eprint.iacr.org/2016/1195

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html

https://seclists.org/oss-sec/2017/q1/52

https://security-tracker.debian.org/tracker/CVE-2016-7056

https://www.debian.org/security/2017/dsa-3773

http://rhn.redhat.com/errata/RHSA-2017-1415.html

http://www.securityfocus.com/bid/95375

http://www.securitytracker.com/id/1037575

https://access.redhat.com/errata/RHSA-2017:1413

https://access.redhat.com/errata/RHSA-2017:1414

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056

https://eprint.iacr.org/2016/1195

https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html

https://seclists.org/oss-sec/2017/q1/52

https://security-tracker.debian.org/tracker/CVE-2016-7056

https://www.debian.org/security/2017/dsa-3773