CVE-2016-6882

MEDIUM

MatrixSSL < 3.8.7 - Exposure of Sensitive Information via Lenstra Side-Channel Attack

Title source: llm
STIX 2.1

Description

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.

References (5)

Core 5
Core References
Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/08/19/7
Technical Description x_refsource_misc
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
Third Party Advisory x_refsource_misc
https://access.redhat.com/blogs/766093/posts/1976703
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91488

Scores

CVSS v3 5.9
EPSS 0.0130
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-320
Status published
Products (1)
matrixssl/matrixssl < 3.8.6
Published Mar 03, 2017
Tracked Since Feb 18, 2026