Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

  • Published: Mar 3, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-0702
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.1
  • AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 1.9
  • AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
openssl / openssl 1.0.1m 1.0.1m.x
openssl / openssl 1.0.2a 1.0.2a.x
openssl / openssl 1.0.1j 1.0.1j.x
openssl / openssl 1.0.1-beta2 1.0.1-beta2.x
openssl / openssl 1.0.1h 1.0.1h.x
openssl / openssl 1.0.2e 1.0.2e.x
openssl / openssl 1.0.1r 1.0.1r.x
openssl / openssl 1.0.2b 1.0.2b.x
openssl / openssl 1.0.1c 1.0.1c.x
openssl / openssl 1.0.1g 1.0.1g.x
openssl / openssl 1.0.1-beta3 1.0.1-beta3.x
openssl / openssl 1.0.1a 1.0.1a.x
openssl / openssl 1.0.1-beta1 1.0.1-beta1.x
openssl / openssl 1.0.1d 1.0.1d.x
openssl / openssl 1.0.2c 1.0.2c.x
openssl / openssl 1.0.2-beta3 1.0.2-beta3.x
openssl / openssl 1.0.1p 1.0.1p.x
openssl / openssl 1.0.2-beta1 1.0.2-beta1.x
openssl / openssl 1.0.1k 1.0.1k.x
openssl / openssl 1.0.1b 1.0.1b.x
openssl / openssl 1.0.1n 1.0.1n.x
openssl / openssl 1.0.1q 1.0.1q.x
openssl / openssl 1.0.1e 1.0.1e.x
openssl / openssl 1.0.1l 1.0.1l.x
openssl / openssl 1.0.1f 1.0.1f.x
openssl / openssl 1.0.1o 1.0.1o.x
openssl / openssl 1.0.2 1.0.2.x
openssl / openssl 1.0.2f 1.0.2f.x
openssl / openssl 1.0.1i 1.0.1i.x
openssl / openssl 1.0.2-beta2 1.0.2-beta2.x
openssl / openssl 1.0.1 1.0.1.x
openssl / openssl 1.0.2d 1.0.2d.x
nodejs / node.js 4.0.0 4.1.2.x
nodejs / node.js 4.2.0 4.3.2
nodejs / node.js 5.0.0 5.7.1
debian / debian_linux 8.0 8.0.x
debian / debian_linux 7.0 7.0.x
canonical / ubuntu_linux 15.10 15.10.x
canonical / ubuntu_linux 14.04 14.04.x
canonical / ubuntu_linux 12.04 12.04.x