Severity
5.9 MEDIUM (NVD)
Other scores: NVD 3.7 | OSV 7.5 | OSV 3.7
EPSS
27.5% (top 3.57%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 15
Latest update: Dec 19

Description

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (12 packages)

Source | Package | Affected versions
Debian | debian/openssl | < openssl 1.1.0h-1 (bookworm) | +2
NVD | openssl/openssl | 1.1.1 to 1.1.1m | +24
Debian | openssl/openssl | < 1.0.2f-2 | +11
CVEListV5 | openssl/openssl | Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb), Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l), Fixed in OpenSSL 3.0.1 (Affected 3.0.0) | +2
NVD | nodejs/node.js | 4.2.0 to 4.8.7 | +6

Also affects: Debian Linux 10.0, 11.0, 8.0, 9.0

🔴 Vulnerability Details (6)

GHSA | GHSA-gj3m-w8pf-46c5: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli | 2022-05-14
GHSA | GHSA-v9p6-6jhc-fhfp: The DH_check_pub_key function in crypto/dh/dh_check | 2022-05-13
GHSA | GHSA-ph2x-8239-7xc7: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure | 2022-02-08
OSV | CVE-2021-4160: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure | 2022-01-28
OSV | CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli | 2017-12-07

📋 Vendor Advisories (11)

CISA ICS | Siemens SCALANCE X-200RNA Switch Devices | 2022-12-19
Red Hat | openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure | 2022-01-28
Debian | CVE-2021-4160: openssl - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Ma... | 2021
BSD | FreeBSD-SA-17:12.openssl: OpenSSL multiple vulnerabilities | 2017-12-09
Red Hat | openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 | 2017-12-07

💬 Community (5)

Bugzilla | CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 | 2017-12-08
Bugzilla | CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM | 2016-04-28
HackerOne | OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701) | 2016-03-28
Bugzilla | CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers [fedora-all] | 2016-01-28
Bugzilla | CVE-2016-0701 OpenSSL: DH small subgroups | 2016-01-26
CVE-2016-0701 — Sensitive Information Exposure | cvebase