CVE-2016-6882
NONE EPSS 67.0%
Published Mar 3, 2017 · Last Modified Jun 17, 2026
Description
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
Threat Intelligence
EPSS Exploit Probability
67.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
CWE-320
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| matrixssl | matrixssl | * | ≤3.8.6 |
References 5
- openwall.com http://www.openwall.com/lists/oss-security/2016/08/19/7
- securityfocus.com http://www.securityfocus.com/bid/91488
- access.redhat.com https://access.redhat.com/blogs/766093/posts/1976703
- github.com https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation
- people.redhat.com https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2016/08/19/7
- github.com https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation