{"id":"CVE-2016-0701","details":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.","modified":"2026-04-07T23:11:24.627172Z","published":"2016-02-15T02:59:18.013Z","related":["MGASA-2016-0056","openSUSE-SU-2024:10271-1","openSUSE-SU-2024:10529-1","openSUSE-SU-2024:11127-1"],"references":[{"type":"WEB","url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/82233"},{"type":"WEB","url":"http://www.securityfocus.com/bid/91787"},{"type":"WEB","url":"http://www.securitytracker.com/id/1034849"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"type":"WEB","url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648"},{"type":"WEB","url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2"},{"type":"WEB","url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us"},{"type":"WEB","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"},{"type":"WEB","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"},{"type":"WEB","url":"https://www.kb.cert.org/vuls/id/257823"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"ADVISORY","url":"http://www.openssl.org/news/secadv/20160128.txt"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2883-1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201601-05"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ARTICLE","url":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"4ac0329582829f5378d8078c8d314ad37db87736"},{"fixed":"95605f3ae1ec8857e8cb612ce35805a3b0207d21"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"1.0.2"},{"fixed":"1.0.2f"}],"cpe":["cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*","cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*"]}}],"versions":["1.0.2","1.0.2-beta1","1.0.2-beta2","1.0.2-beta3","1.0.2a","1.0.2b","1.0.2c","1.0.2d","1.0.2e","OpenSSL_1_0_2","OpenSSL_1_0_2a","OpenSSL_1_0_2b","OpenSSL_1_0_2c","OpenSSL_1_0_2d","OpenSSL_1_0_2e"],"database_specific":{"vanir_signatures_modified":"2026-04-07T23:11:24Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"source":"https://github.com/openssl/openssl/commit/95605f3ae1ec8857e8cb612ce35805a3b0207d21","signature_type":"Line","target":{"file":"crypto/opensslv.h"},"id":"CVE-2016-0701-0aaf37f6","digest":{"line_hashes":["148029424052934803331211646646150309470","297224766741570165540841011430904355399","279404135939441039589908012087022866338","291925673690878877945865960478870857538","19054597365316541678142098092550582161","56743692971644723600473384804813888343","339375801635017027508014490563703739240","31590020450961126615374648436347486200"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0701.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}