CVE-2016-7440 — Wolfssl vulnerability
11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 76.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 13
Latest updateMay 13
Description
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 8.0
Patches
🔴Vulnerability Details
2📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2016-3492 CVE-2016-5507 CVE-2016-5609 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626 CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-8283 CVE-2016-8284 CVE-2016-8288 community-mysql: v↗2016-10-19
Bugzilla▶
CVE-2016-3492 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-8283 mariadb-galera: various flaws [fedora-all]↗2016-10-19
Bugzilla▶
CVE-2016-5584 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU October 2016)↗2016-10-19
Bugzilla▶
CVE-2016-3492 CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-8283 mariadb: various flaws [fedora-all]↗2016-10-19