QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-0704

Back to search

CVE-2016-0704

Published: Mar 2, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

VendorProductVersions

n/a

n/a

affected
n/a

References

openSUSE-SU-2016:0638
vendor-advisory
FreeBSD-SA-16:12
vendor-advisory
SUSE-SU-2016:0621
vendor-advisory
83764
vdb-entry
SUSE-SU-2016:1057
vendor-advisory
openSUSE-SU-2016:0720
vendor-advisory
SUSE-SU-2016:0624
vendor-advisory
SUSE-SU-2016:0631
vendor-advisory
SUSE-SU-2016:0617
vendor-advisory
GLSA-201603-15
vendor-advisory
openSUSE-SU-2016:0628
vendor-advisory
1035133
vdb-entry
SUSE-SU-2016:0678
vendor-advisory
SUSE-SU-2016:0620
vendor-advisory
openSUSE-SU-2016:0637
vendor-advisory
SUSE-SU-2016:0641
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now