CVE-2016-6882

NONE EPSS 67.0%
Published Mar 3, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.

Threat Intelligence

EPSS Exploit Probability
67.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
CWE-320

Affected Products 1

VendorProductVersionRange
matrixsslmatrixssl* ≤3.8.6

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2016/08/19/7
    Mailing ListPatch
  • securityfocus.com http://www.securityfocus.com/bid/91488
  • access.redhat.com https://access.redhat.com/blogs/766093/posts/1976703
    Third Party Advisory
  • github.com https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation
    PatchRelease Notes
  • people.redhat.com https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
    Technical Description

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2016/08/19/7
    Mailing ListPatch
  • github.com https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation
    PatchRelease Notes