CVE-2016-6882

Published: Mar 3, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.

Affected (1)

Products: Matrixssl: Matrixssl

Matrixssl

1 product

Matrixssl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrixssl Matrixssl	Up to 3.8.6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-320

References (10)

http://www.openwall.com/lists/oss-security/2016/08/19/7

Source: cve@mitre.org

Mailing ListPatch

http://www.securityfocus.com/bid/91488

Source: cve@mitre.org

https://access.redhat.com/blogs/766093/posts/1976703

Source: cve@mitre.org

Third Party Advisory

https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation

Source: cve@mitre.org

PatchRelease Notes

https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf

Source: cve@mitre.org

Technical Description

http://www.openwall.com/lists/oss-security/2016/08/19/7