CVE-2016-6225
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.
xbcrypt en Percona XtraBackup en versiones anteriores a 2.3.6 y 2.4.x en versiones anteriores a 2.4.5 no establece apropiadamente el vector de inicialización (IV) para cifrado, lo que hace más fácil a atacantes dependientes del contexto obtener información sensible de archivos backup cifrados a través de un ataque de texto plano escogido. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2013-6394.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-15 CVE Reserved
- 2017-03-23 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-326: Inadequate Encryption Strength
CAPEC
References (8)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949 | 2023-11-07 | |
| https://github.com/percona/percona-xtrabackup/pull/266 | 2023-11-07 | |
| https://github.com/percona/percona-xtrabackup/pull/267 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | <= 2.3.5 Search vendor "Percona" for product "Xtrabackup" and version " <= 2.3.5" | - |
Affected
| ||||||
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | 2.4.0 Search vendor "Percona" for product "Xtrabackup" and version "2.4.0" | rc1 |
Affected
| ||||||
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | 2.4.1 Search vendor "Percona" for product "Xtrabackup" and version "2.4.1" | - |
Affected
| ||||||
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | 2.4.2 Search vendor "Percona" for product "Xtrabackup" and version "2.4.2" | - |
Affected
| ||||||
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | 2.4.3 Search vendor "Percona" for product "Xtrabackup" and version "2.4.3" | - |
Affected
| ||||||
| Percona Search vendor "Percona" | Xtrabackup Search vendor "Percona" for product "Xtrabackup" | 2.4.4 Search vendor "Percona" for product "Xtrabackup" and version "2.4.4" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.2 Search vendor "Opensuse" for product "Leap" and version "42.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 24 Search vendor "Fedoraproject" for product "Fedora" and version "24" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 25 Search vendor "Fedoraproject" for product "Fedora" and version "25" | - |
Affected
| ||||||