CVE-2016-2183
- Source
- https://cve.org/CVERecord?id=CVE-2016-2183
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2183.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-2183
- Aliases
- Downstream
- Related
- Published
- 2016-09-01T00:59:00.137Z
- Modified
- 2026-04-16T06:18:03.166393452Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
- References
-
- https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability
- https://access.redhat.com/errata/RHSA-2017:3114
- https://access.redhat.com/errata/RHSA-2017:3240
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
- https://access.redhat.com/errata/RHSA-2017:3113
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
- https://seclists.org/bugtraq/2018/Nov/21
- http://www.securityfocus.com/bid/95568
- http://www.splunk.com/view/SP-CAAAPSV
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html
- https://access.redhat.com/errata/RHSA-2018:2123
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html
- http://www.debian.org/security/2016/dsa-3673
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2017-0462.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
- https://www.sigsac.org/ccs/CCS2016/accepted-papers/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded
- https://security.netapp.com/advisory/ntap-20160915-0001/
- https://support.f5.com/csp/article/K13167034
- https://sweet32.info/
- http://rhn.redhat.com/errata/RHSA-2017-0337.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
- http://www.securityfocus.com/archive/1/542005/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
- https://security.gentoo.org/glsa/201612-16
- https://access.redhat.com/errata/RHSA-2017:2708
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
- http://www.ubuntu.com/usn/USN-3198-1
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://kc.mcafee.com/corporate/index?page=content&id=SB10197
- http://rhn.redhat.com/errata/RHSA-2017-0338.html
- https://access.redhat.com/errata/RHSA-2020:0451
- http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded
- https://access.redhat.com/errata/RHSA-2019:1245
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
- https://www.tenable.com/security/tns-2016-16
- https://access.redhat.com/errata/RHSA-2017:3239
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
- https://wiki.opendaylight.org/view/Security_Advisories
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- http://www.splunk.com/view/SP-CAAAPUE
- https://access.redhat.com/articles/2548661
- https://access.redhat.com/errata/RHSA-2019:2859
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://www.exploit-db.com/exploits/42091/
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
- https://access.redhat.com/errata/RHSA-2017:2710
- https://bto.bluecoat.com/security-advisory/sa133
- https://www.tenable.com/security/tns-2016-20
- https://security.gentoo.org/glsa/201707-01
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
- http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
- http://www.securityfocus.com/archive/1/539885/100/0/threaded
- http://www.securityfocus.com/archive/1/540341/100/0/threaded
- https://security.gentoo.org/glsa/201701-65
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://access.redhat.com/errata/RHSA-2017:1216
- http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
- http://www.securityfocus.com/bid/92630
- http://www.ubuntu.com/usn/USN-3194-1
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
- https://kc.mcafee.com/corporate/index?page=content&id=SB10186
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
- http://www.securityfocus.com/archive/1/541104/100/0/threaded
- http://www.ubuntu.com/usn/USN-3270-1
- https://access.redhat.com/errata/RHSA-2017:2709
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
- http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html
- http://seclists.org/fulldisclosure/2017/May/105
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
- http://www.ubuntu.com/usn/USN-3372-1
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2017-0336.html
- https://access.redhat.com/security/cve/cve-2016-2183
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html
- http://seclists.org/fulldisclosure/2017/Jul/31
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482
- http://www.ubuntu.com/usn/USN-3087-1
- https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://security.netapp.com/advisory/ntap-20170119-0001/
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
- http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
- https://www.tenable.com/security/tns-2017-09
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html
- http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded
- https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://www.ubuntu.com/usn/USN-3087-2
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
- https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
- https://www.openssl.org/blog/blog/2016/08/24/sweet32/
- https://www.tenable.com/security/tns-2016-21
- http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded
- http://www.securitytracker.com/id/1036696
- http://www.ubuntu.com/usn/USN-3179-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1369383
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Affected packages
Git / github.com/nodejs/node
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.0.0" }, { "introduced": "0" }, { "last_affected": "1.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "3.0" }, { "introduced": "0" }, { "last_affected": "5.0" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "1.0.1a" }, { "introduced": "0" }, { "last_affected": "1.0.1b" }, { "introduced": "0" }, { "last_affected": "1.0.1c" }, { "introduced": "0" }, { "last_affected": "1.0.1d" }, { "introduced": "0" }, { "last_affected": "1.0.1e" }, { "introduced": "0" }, { "last_affected": "1.0.1f" }, { "introduced": "0" }, { "last_affected": "1.0.1g" }, { "introduced": "0" }, { "last_affected": "1.0.1h" }, { "introduced": "0" }, { "last_affected": "1.0.1i" }, { "introduced": "0" }, { "last_affected": "1.0.1j" }, { "introduced": "0" }, { "last_affected": "1.0.1k" }, { "introduced": "0" }, { "last_affected": "1.0.1l" }, { "introduced": "0" }, { "last_affected": "1.0.1m" }, { "introduced": "0" }, { "last_affected": "1.0.1n" }, { "introduced": "0" }, { "last_affected": "1.0.1o" }, { "introduced": "0" }, { "last_affected": "1.0.1p" }, { "introduced": "0" }, { "last_affected": "1.0.1q" }, { "introduced": "0" }, { "last_affected": "1.0.1r" }, { "introduced": "0" }, { "last_affected": "1.0.1t" }, { "introduced": "0" }, { "last_affected": "1.0.2a" }, { "introduced": "0" }, { "last_affected": "1.0.2b" }, { "introduced": "0" }, { "last_affected": "1.0.2c" }, { "introduced": "0" }, { "last_affected": "1.0.2d" }, { "introduced": "0" }, { "last_affected": "1.0.2e" }, { "introduced": "0" }, { "last_affected": "1.0.2f" }, { "introduced": "0" }, { "last_affected": "1.0.2h" }, { "introduced": "0.10.0" }, { "fixed": "0.10.47" }, { "introduced": "0.12.0" }, { "fixed": "0.12.16" }, { "introduced": "4.0.0" }, { "fixed": "4.1.2" }, { "introduced": "4.2.0" }, { "fixed": "4.6.0" }, { "introduced": "6.0.0" }, { "fixed": "6.7.0" } ] }
Affected versions
openssl-3.*
openssl-3.5.0
openssl-3.5.1
openssl-3.5.2
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.10.41
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.8
v0.12.9
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v0.9.8
v0.9.9
v1.*
v1.0.0
v1.0.0-release
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1
v1.1.0
v1.1.1
v1.2
v1.2.0
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3.0
v1.3b1
v1.4
v1.4.1
v1.4.2
v1.4.3
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.0
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6a1
v1.6a2
v1.7.0
v1.7.1
v2.*
v2.0
v2.0.0
v2.0.1
v2.0.2
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1.0
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2.0
v2.2.1
v2.2a3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3c1
v2.3c2
v2.4
v2.4.0
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5.0
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.6
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.10rc1
v2.7.11rc1
v2.7.12rc1
v2.7.13rc1
v2.7.1rc1
v2.7.2rc1
v2.7.3rc1
v2.7.4rc1
v2.7.5
v2.7.6rc1
v2.7.8
v2.7.9rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0.0
v3.4.0
v3.4.1
v3.4.1rc1
v3.4.2rc1
v3.4.3
v3.4.3rc1
v3.4.5
v3.4.5rc1
v3.4.6
v3.4.6rc1
v3.4.7rc1
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v5.*
v5.0.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v7.*
v7.0.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2183.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.6.6-068"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.7.0-006"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.1.0.2"
}
]
}
]