CVE-2016-0701
Published: 2016-02-15
Priority: P4 · 34 · low · 3.7 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 83.64% (99.7th percentile)
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.0h-1 (bookworm) | openssl 1.1.0h-1 (bookworm) |
| debian | openssl | < openssl 1.1.1m-1 (bookworm) | openssl 1.1.1m-1 (bookworm) |
| debian | openssl | < openssl 1.0.2f-2 (bookworm) | openssl 1.0.2f-2 (bookworm) |
| nodejs | node.js | 4.0.0 – 4.1.2 | — |
| nodejs | node.js | >= 4.2.0 < 4.8.7 | 4.8.7 |
| nodejs | node.js | 6.0.0 – 6.8.1 | — |
| nodejs | node.js | >= 6.9.0 < 6.12.2 | 6.12.2 |
| nodejs | node.js | 8.0.0 – 8.8.1 | — |
| nodejs | node.js | >= 8.9.0 < 8.9.3 | 8.9.3 |
| nodejs | node.js | >= 9.0.0 < 9.2.1 | 9.2.1 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
Detection & IOCs (extracted from sources)
- CVE-2016-0701 mitigates DH1024 private key reuse across multiple TLS clients; servers sharing DH1024 private keys among multiple clients are the meaningful attack target for related DH1024 carry-propagation bugs.
- CVE-2016-0701 enforces that DH1024 private keys must NOT be shared across multiple TLS clients; any server configuration reusing DH1024 private keys across sessions/clients is misconfigured and exploitable by related DH1024 carry-propagation vulnerabilities (CVE-2017-3738, CVE-2017-3736, CVE-2017-3732, CVE-2015-3193, CVE-2021-4160).
- CVE-2016-0701 is referenced across multiple OpenSSL DH private-key-reuse advisories as the fix that removed the option of sharing DH private keys; confirm OpenSSL deployments are not configured to reuse DH1024 keys across clients.
CVSS provenance
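| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |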
GHSA
GHSA-gj3m-w8pf-46c5: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-3738 [HIGH] CWE-200 GHSA-gj3m-w8pf-46c5: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th gener
GHSA
GHSA-v9p6-6jhc-fhfp: The DH_check_pub_key function in crypto/dh/dh_check
ghsa_unreviewed·2022-05-13
CVE-2016-0701 [LOW] CWE-200 GHSA-v9p6-6jhc-fhfp: The DH_check_pub_key function in crypto/dh/dh_check
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
GHSA
GHSA-ph2x-8239-7xc7: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure
ghsa_unreviewed·2022-02-08·CVSS 3.7
CVE-2021-4160 [LOW] GHSA-ph2x-8239-7xc7: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple client
OSV
CVE-2021-4160: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure
osv·2022-01-28·CVSS 3.7
CVE-2021-4160 [LOW] CVE-2021-4160: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple client
OSV
CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli
osv·2017-12-07·CVSS 7.5
CVE-2017-3738 [HIGH] CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th gener
OSV
CVE-2016-0701: The DH_check_pub_key function in crypto/dh/dh_check
osv·2016-02-15·CVSS 3.7
CVE-2016-0701 [LOW] CVE-2016-0701: The DH_check_pub_key function in crypto/dh/dh_check
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Red Hat
openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure
vendor_redhat·2022-01-28·CVSS 3.7
CVE-2021-4160 [LOW] CWE-327 openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaning
Debian
CVE-2021-4160: openssl - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Ma...
vendor_debian·2021·CVSS 3.7
CVE-2021-4160 [LOW] CVE-2021-4160: openssl - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Ma...
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple client
BSD
FreeBSD-SA-17:12.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2017-12-09·CVSS 5.9
CVE-2016-0701 [MEDIUM] FreeBSD-SA-17:12.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-17:12.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2017-12-09
Affects: All supported versions of FreeBSD.
Corrected: 2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE)
2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6)
2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE)
2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5)
2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26)
CVE Name: CVE-2017-3737, CVE-2017-3738
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effo
Red Hat
openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
vendor_redhat·2017-12-07·CVSS 7.5
CVE-2017-3738 [HIGH] CWE-190 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2
Debian
CVE-2017-3738: openssl - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in...
vendor_debian·2017·CVSS 7.5
CVE-2017-3738 [HIGH] CVE-2017-3738: openssl - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in...
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th gener
Cisco
Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
vendor_cisco·2016-01-29
CVE-2015-3197 [HIGH] Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection.
This advisory will be updated as additional information becomes available.
Cisco will release software updates that address these vulnerabilities.
Workarounds that address these vulnerabilities are not available.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
Ubuntu
OpenSSL vulnerability
vendor_ubuntu·2016-01-28
CVE-2016-0701 OpenSSL vulnerability
Title: OpenSSL vulnerability
Summary: OpenSSL could be made to expose sensitive information over the network.
Antonio Sanso discovered that OpenSSL reused the same private DH exponent
for the life of a server process when configured with a X9.42 style
parameter file. This could allow a remote attacker to possibly discover the
server's private DH exponent when being used with non-safe primes.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
OpenSSL: DH small subgroups
vendor_redhat·2016-01-28·CVSS 3.7
CVE-2016-0701 [LOW] OpenSSL: DH small subgroups
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42-style parameter files. An attacker who could force the peer to perform multiple handshakes using the same private DH component could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection.
Statement: OpenSSL 1.0.2 provides support for generating
Debian
CVE-2016-0701: openssl - The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1....
vendor_debian·2016·CVSS 3.7
CVE-2016-0701 [LOW] CVE-2016-0701: openssl - The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1....
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Scope: local
bookworm: resolved (fixed in 1.0.2f-2)
bullseye: resolved (fixed in 1.0.2f-2)
forky: resolved (fixed in 1.0.2f-2)
sid: resolved (fixed in 1.0.2f-2)
trixie: resolved (fixed in 1.0.2f-2)
Cisco
Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
vendor_cisco
CVE-2016-0701 Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection. This advisory will be updated as additional information becomes available. Cisco will release software updates that address these vulnerabilities.
Bug IDs: CSCuy07208, CSCuy07223, CSCuy07225, CSCuy07208, CSCuy07223
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
bugzilla·2017-12-08·CVSS 7.5
CVE-2017-3738 [HIGH] CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.
This only affects processors that su
Bugzilla
CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM
bugzilla·2016-04-28·CVSS 5.6
CVE-2016-0264 [MEDIUM] CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM
A buffer overflow flaw was fixed in IBM JDK 6 SR16-FP25, 7 SR9-FP40, 7R1 SR3-FP40, and 8 SR3:
CVEID: CVE-2016-0264
DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
http://www-01.ibm.com/support/docview.wss?uid=swg21980826
External Reference:
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7 Supplementary
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2016:0701 https://rhn.redhat.com/errata/RHSA-2016-0701.html
---
This is
HackerOne
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
hackerone·2016-03-28·CVSS 3.7
CVE-2016-0701 [LOW] OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Full write up: http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recovery-attack-on-dh-small.html
DH small subgroups (CVE-2016-0701)
Severity: High
Historically OpenSSL usually only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for generating
X9.42 style parameter files such as those required for RFC 5114 support. The
primes used in such files may not be "safe". Where an application is using DH
configured with parameters based on primes that are not "safe" then an attacker
could use this fact to find a peer's private DH exponent. This attack requires
that the attacker complete multiple handshakes in which the peer uses the same
private DH exponent. For ex
Bugzilla
CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers [fedora-all]
bugzilla·2016-01-28·CVSS 5.9
CVE-2015-3197 [MEDIUM] CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedor
Bugzilla
CVE-2016-0701 OpenSSL: DH small subgroups
bugzilla·2016-01-26·CVSS 3.7
CVE-2016-0701 [LOW] CVE-2016-0701 OpenSSL: DH small subgroups
As per OpenSSL upstream:
Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite.
OpenSSL pro
References
- http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
- http://www.openssl.org/news/secadv/20160128.txt
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/82233
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1034849
- http://www.ubuntu.com/usn/USN-2883-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
- https://security.gentoo.org/glsa/201601-05
- https://www.kb.cert.org/vuls/id/257823
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Published: 2016-02-15