CVE-2016-7798 : The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Published 2017-01-30 22:59:01

Updated 2020-11-05 14:56:15

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-7798

Probability of exploitation activity in the next 30 days: 0.38%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-7798

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-7798

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7798

http://www.securityfocus.com/bid/93031

Ruby OpenSSL Security Bypass Vulnerability
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/19/9

oss-security - CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode
Mailing List;Third Party Advisory
https://github.com/ruby/openssl/issues/49

Possible bug: order of setting key vs. IV affects encryption with AES GCM · Issue #49 · ruby/openssl · GitHub
Exploit;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

[SECURITY] [DLA 1421-1] ruby2.1 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/09/30/6

oss-security - Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode
Mailing List;Patch;Third Party Advisory
https://www.debian.org/security/2017/dsa-3966

Debian -- Security Information -- DSA-3966-1 ruby2.3
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/10/01/2

oss-security - Re: CVE Request - Ruby OpenSSL Library - IV Reuse in GCM Mode
Mailing List;Third Party Advisory
https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062

cipher: don't set dummy encryption key in Cipher#initialize · ruby/openssl@8108e0a · GitHub
Patch;Third Party Advisory

Products affected by CVE-2016-7798

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Ruby-lang » Openssl » For Ruby
Versions before (<) 2.0.0
cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*
Matching versions

Vulnerability Details : CVE-2016-7798

Exploit prediction scoring system (EPSS) score for CVE-2016-7798

CVSS scores for CVE-2016-7798

CWE ids for CVE-2016-7798

References for CVE-2016-7798

Products affected by CVE-2016-7798