// For flags

CVE-2016-2178

openssl: Non-constant time codepath followed for certain operations in DSA implementation

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización de canal lateral.

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system.

USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. CAsar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio function. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-29 CVE Reserved
  • 2016-06-20 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-07-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-203: Observable Discrepancy
  • CWE-385: Covert Timing Channel
CAPEC
References (70)
URL Tag Source
http://eprint.iacr.org/2016/594.pdf Technical Description
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 Third Party Advisory
http://seclists.org/fulldisclosure/2017/Jul/31 Mailing List
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/08/10 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/11 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/12 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/4 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/5 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/6 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/7 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/08/8 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/09/2 Mailing List
http://www.openwall.com/lists/oss-security/2016/06/09/8 Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory
http://www.securityfocus.com/bid/91081 Third Party Advisory
http://www.securitytracker.com/id/1036054 Third Party Advisory
http://www.splunk.com/view/SP-CAAAPSV Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUE Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa132 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 Third Party Advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases Third Party Advisory
https://support.f5.com/csp/article/K53084033 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 Third Party Advisory
https://www.tenable.com/security/tns-2016-16 Third Party Advisory
https://www.tenable.com/security/tns-2016-20 Third Party Advisory
https://www.tenable.com/security/tns-2016-21 Third Party Advisory
URL Date SRC
URL Date SRC
http://www.openwall.com/lists/oss-security/2016/06/08/2 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html 2023-11-07
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1343400 2017-06-28
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-1940.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-2957.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2017-1659.html 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl 2023-11-07
http://www.debian.org/security/2016/dsa-3673 2023-11-07
http://www.ubuntu.com/usn/USN-3087-1 2023-11-07
http://www.ubuntu.com/usn/USN-3087-2 2023-11-07
https://access.redhat.com/errata/RHSA-2017:0193 2023-11-07
https://access.redhat.com/errata/RHSA-2017:0194 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1658 2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc 2023-11-07
https://security.gentoo.org/glsa/201612-16 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-2178 2017-06-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1
Search vendor "Openssl" for product "Openssl" and version "1.0.1"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1a
Search vendor "Openssl" for product "Openssl" and version "1.0.1a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1b
Search vendor "Openssl" for product "Openssl" and version "1.0.1b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1c
Search vendor "Openssl" for product "Openssl" and version "1.0.1c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1d
Search vendor "Openssl" for product "Openssl" and version "1.0.1d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1e
Search vendor "Openssl" for product "Openssl" and version "1.0.1e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1f
Search vendor "Openssl" for product "Openssl" and version "1.0.1f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1g
Search vendor "Openssl" for product "Openssl" and version "1.0.1g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1h
Search vendor "Openssl" for product "Openssl" and version "1.0.1h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1i
Search vendor "Openssl" for product "Openssl" and version "1.0.1i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1j
Search vendor "Openssl" for product "Openssl" and version "1.0.1j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1k
Search vendor "Openssl" for product "Openssl" and version "1.0.1k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1l
Search vendor "Openssl" for product "Openssl" and version "1.0.1l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1m
Search vendor "Openssl" for product "Openssl" and version "1.0.1m"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1n
Search vendor "Openssl" for product "Openssl" and version "1.0.1n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1o
Search vendor "Openssl" for product "Openssl" and version "1.0.1o"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1p
Search vendor "Openssl" for product "Openssl" and version "1.0.1p"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1q
Search vendor "Openssl" for product "Openssl" and version "1.0.1q"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1r
Search vendor "Openssl" for product "Openssl" and version "1.0.1r"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1s
Search vendor "Openssl" for product "Openssl" and version "1.0.1s"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1t
Search vendor "Openssl" for product "Openssl" and version "1.0.1t"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2a
Search vendor "Openssl" for product "Openssl" and version "1.0.2a"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2d
Search vendor "Openssl" for product "Openssl" and version "1.0.2d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2e
Search vendor "Openssl" for product "Openssl" and version "1.0.2e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2f
Search vendor "Openssl" for product "Openssl" and version "1.0.2f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2g
Search vendor "Openssl" for product "Openssl" and version "1.0.2g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2h
Search vendor "Openssl" for product "Openssl" and version "1.0.2h"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 5
Search vendor "Oracle" for product "Linux" and version "5"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 6
Search vendor "Oracle" for product "Linux" and version "6"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 7
Search vendor "Oracle" for product "Linux" and version "7"
-
Affected
Oracle
Search vendor "Oracle"
 Solaris
Search vendor "Oracle" for product "Solaris"
 10
Search vendor "Oracle" for product "Solaris" and version "10"
-
Affected
Oracle
Search vendor "Oracle"
 Solaris
Search vendor "Oracle" for product "Solaris"
 11.3
Search vendor "Oracle" for product "Solaris" and version "11.3"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise
Search vendor "Suse" for product "Linux Enterprise"
 12.0
Search vendor "Suse" for product "Linux Enterprise" and version "12.0"
-
Affected
Nodejs
Search vendor "Nodejs"
 Node.js
Search vendor "Nodejs" for product "Node.js"
 >= 0.10.0 < 0.10.47
Search vendor "Nodejs" for product "Node.js" and version " >= 0.10.0 < 0.10.47"
-
Affected
Nodejs
Search vendor "Nodejs"
 Node.js
Search vendor "Nodejs" for product "Node.js"
 >= 0.12.0 < 0.12.16
Search vendor "Nodejs" for product "Node.js" and version " >= 0.12.0 < 0.12.16"
-
Affected
Nodejs
Search vendor "Nodejs"
 Node.js
Search vendor "Nodejs" for product "Node.js"
 >= 4.0.0 <= 4.1.2
Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 <= 4.1.2"
-
Affected
Nodejs
Search vendor "Nodejs"
 Node.js
Search vendor "Nodejs" for product "Node.js"
 >= 4.2.0 < 4.6.0
Search vendor "Nodejs" for product "Node.js" and version " >= 4.2.0 < 4.6.0"
lts
Affected
Nodejs
Search vendor "Nodejs"
 Node.js
Search vendor "Nodejs" for product "Node.js"
 >= 5.0.0 < 6.7.0
Search vendor "Nodejs" for product "Node.js" and version " >= 5.0.0 < 6.7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
esm
Affected