cbcvebase.
CVE-2016-2178
published 2016-06-20

CVE-2016-2178: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it…

medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

Affected

54 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianopenssl< openssl 1.0.2i-1 (bookworm)openssl 1.0.2i-1 (bookworm)
nodejsnode.js>= 0.10.0 < 0.10.470.10.47
nodejsnode.js>= 0.12.0 < 0.12.160.12.16
nodejsnode.js4.0.0 – 4.1.2
nodejsnode.js>= 4.2.0 < 4.6.04.6.0
nodejsnode.js>= 5.0.0 < 6.7.06.7.0
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv9.8CRITICAL