CVE-2016-7440

medium

Description

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

References

http://www.debian.org/security/2016/dsa-3706

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.securityfocus.com/bid/93659

http://www.securitytracker.com/id/1037050

https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html

Details

Source: MITRE

Published: 2016-12-13

Updated: 2019-12-17

Type: CWE-310

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mariadb:mariadb:10.0.27:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* versions up to 3.9.8 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 9913 | MariaDB Server 10.1.x < 10.1.19 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium |
| 95597 | openSUSE Security Update : mariadb (openSUSE-2016-1417) | Nessus | SuSE Local Security Checks | high |
| 95596 | openSUSE Security Update : mariadb (openSUSE-2016-1416) | Nessus | SuSE Local Security Checks | high |
| 95541 | MariaDB 10.1.x < 10.1.19 Multiple Vulnerabilities | Nessus | Databases | medium |
| 95540 | MariaDB 10.0.x < 10.0.28 Multiple Vulnerabilities | Nessus | Databases | high |
| 95384 | SUSE SLED12 / SLES12 Security Update : Recommended update for mariadb (SUSE-SU-2016:2933-1) | Nessus | SuSE Local Security Checks | high |
| 95383 | SUSE SLES12 Security Update : mariadb (SUSE-SU-2016:2932-1) | Nessus | SuSE Local Security Checks | high |
| 94916 | Debian DLA-708-1 : mysql-5.5 security update | Nessus | Debian Local Security Checks | medium |
| 94757 | SUSE SLES11 Security Update : mysql (SUSE-SU-2016:2780-1) | Nessus | SuSE Local Security Checks | critical |
| 94756 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1289) | Nessus | SuSE Local Security Checks | critical |
| 94743 | Debian DSA-3711-1 : mariadb-10.0 - security update | Nessus | Debian Local Security Checks | high |
| 94694 | openSUSE Security Update : mysql-community-server (openSUSE-2016-1283) | Nessus | SuSE Local Security Checks | critical |
| 94589 | Debian DSA-3706-1 : mysql-5.5 - security update | Nessus | Debian Local Security Checks | medium |
| 9752 | MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities | Nessus Network Monitor | Database | high |
| 94458 | FreeBSD : MySQL -- multiple vulnerabilities (9bc14850-a070-11e6-a881-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |
| 94440 | Slackware 14.1 / 14.2 / current : mariadb (SSA:2016-305-03) | Nessus | Slackware Local Security Checks | high |
| 94287 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3109-1) | Nessus | Ubuntu Local Security Checks | medium |
| 94198 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
| 94197 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
| 94196 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical |
| 94167 | MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
| 94166 | MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities (October 2016 CPU) (SWEET32) | Nessus | Databases | critical |
| 94165 | MySQL 5.5.x < 5.5.53 Multiple Vulnerabilities (October 2016 CPU) | Nessus | Databases | critical |