CVE-2016-0703

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-0703
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0703.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-0703
Related
Published
2016-03-02T11:59:00Z
Modified
2024-09-18T02:08:03.860798Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

References

Affected packages

Debian:11 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.0c-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
08e4c7a967cc9d82264d125440d8b17b912bd250
Last affected
2c5db8dac3a06fe5b2c889838a606138ee3542ed
Last affected
2f63ad1c6daa61614f3d58de0889bf68e9f75853
Last affected
56327ebe6a7675001b382ca5e5531c598e1b2261
Last affected
65fc4c55bea222e4ba542b383a32bdc7534e058b
Last affected
888759a1d38197f29de7227876c3b58fbff8549f
Last affected
94f416601754dbe65e287f8e1eca01fa32f74a7a
Last affected
ab585551c0a577d9a91825d446465905a5ea17e3
Last affected
bc0ecd202ab37f02b9d7dd610cbb0cf98db9fb52
Last affected
c2ef67100cd0ca2321b5f1a437abb93fc7e11e37
Last affected
ce052c8437fb97cbc57f034fa94b5bcd749dbf52
Last affected
d8faad27b70ccab9aad1a4af815f4d07cc5da1b5
Last affected
e2dfb655f798831ffb29242ad804013ddb0c5d5b
Last affected
e614ec476957b0b09a2b302c3d68003ed8395ed5
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_0_9_8
OpenSSL_0_9_8-beta1
OpenSSL_0_9_8-beta2
OpenSSL_0_9_8-beta4
OpenSSL_0_9_8-beta5
OpenSSL_0_9_8-beta6
OpenSSL_0_9_8-post-auto-reformat
OpenSSL_0_9_8-post-reformat
OpenSSL_0_9_8-pre-auto-reformat
OpenSSL_0_9_8-pre-reformat
OpenSSL_0_9_8a
OpenSSL_0_9_8b
OpenSSL_0_9_8c
OpenSSL_0_9_8d
OpenSSL_0_9_8e
OpenSSL_0_9_8h
OpenSSL_0_9_8i
OpenSSL_0_9_8j
OpenSSL_0_9_8m
OpenSSL_0_9_8m-beta1
OpenSSL_0_9_8n
OpenSSL_0_9_8o
OpenSSL_0_9_8p
OpenSSL_0_9_8q
OpenSSL_0_9_8r
OpenSSL_0_9_8s
OpenSSL_0_9_8t
OpenSSL_0_9_8u
OpenSSL_0_9_8v
OpenSSL_0_9_8w
OpenSSL_0_9_8x
OpenSSL_0_9_8y
OpenSSL_0_9_8za
OpenSSL_0_9_8zb
OpenSSL_0_9_8zc
OpenSSL_0_9_8zd
OpenSSL_0_9_8ze
OpenSSL_0_9_8zf
OpenSSL_0_9_8zg
OpenSSL_0_9_8zh
OpenSSL_1_0_0
OpenSSL_1_0_0-beta1
OpenSSL_1_0_0-beta2
OpenSSL_1_0_0-beta3
OpenSSL_1_0_0-beta4
OpenSSL_1_0_0-beta5
OpenSSL_1_0_0a
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3