What is CVE-2016-0701?

CVE-2016-0701 is a low-severity vulnerability in Openssl, classified under Information Disclosure. CVSS score: 3.7/10. Published 2016-02-15.

How severe is CVE-2016-0701?

Low severity. CVSS v3 base score is 3.7 out of 10.

Is CVE-2016-0701 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Openssl

CVE-2016-0701

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private…

Vulnerability class: Information Disclosure

EPSS: 0.836 (99.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Openssl — versions 1.0.2, 1.0.2a, 1.0.2b
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

FEDORA-2016-527018d2ff (vendor-advisory)
1034849 (vdb-entry)
GLSA-201601-05 (vendor-advisory)
82233 (vdb-entry)
91787 (vdb-entry)
VU#257823 (third-party-advisory)
openSUSE-SU-2016:0637 (vendor-advisory)
USN-2883-1 (vendor-advisory)
secalert@redhat.com
secalert@redhat.com

Frequently asked questions

What is CVE-2016-0701?: CVE-2016-0701 is a low-severity vulnerability in Openssl, classified under Information Disclosure. CVSS score: 3.7/10. Published 2016-02-15.
How severe is CVE-2016-0701?: Low severity. CVSS v3 base score is 3.7 out of 10.
Is CVE-2016-0701 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.