cbcvebase.
CVE-2016-0701
published 2016-02-15

CVE-2016-0701: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH)…

PriorityP434low3.7CVSS 3.0
AVNACHPRNUINSUCLINAN
EPSS
83.64%
99.7th percentile
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Affected

64 ranges· showing 25
VendorProductVersion rangeFixed in
ciscoproducts
debiandebian_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianopenssl< openssl 1.1.0h-1 (bookworm)openssl 1.1.0h-1 (bookworm)
debianopenssl< openssl 1.1.1m-1 (bookworm)openssl 1.1.1m-1 (bookworm)
debianopenssl< openssl 1.0.2f-2 (bookworm)openssl 1.0.2f-2 (bookworm)
nodejsnode.js4.0.0 – 4.1.2
nodejsnode.js>= 4.2.0 < 4.8.74.8.7
nodejsnode.js6.0.0 – 6.8.1
nodejsnode.js>= 6.9.0 < 6.12.26.12.2
nodejsnode.js8.0.0 – 8.8.1
nodejsnode.js>= 8.9.0 < 8.9.38.9.3
nodejsnode.js>= 9.0.0 < 9.2.19.2.1
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2016-0701 mitigates DH1024 private key reuse across multiple TLS clients; servers sharing DH1024 private keys among multiple clients are the meaningful attack target for related DH1024 carry-propagation bugs
  • ·CVE-2016-0701 enforces that DH1024 private keys must NOT be shared across multiple TLS clients; any server configuration reusing DH1024 private keys across sessions/clients is misconfigured and exploitable by related DH1024 carry-propagation vulnerabilities (CVE-2017-3738, CVE-2017-3736, CVE-2017-3732, CVE-2015-3193, CVE-2021-4160)
  • ·CVE-2016-0701 is referenced across multiple OpenSSL DH private-key-reuse advisories as the fix that removed the option of sharing DH private keys; confirm OpenSSL deployments are not configured to reuse DH1024 keys across clients

CVSS provenance

nvdv3.03.7LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.