{"id":"CVE-2016-7056","details":"A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.","modified":"2026-04-11T12:04:43.462807Z","published":"2018-09-10T16:29:00.543Z","related":["SUSE-SU-2017:0461-1","SUSE-SU-2017:0495-1","SUSE-SU-2017:0585-1","SUSE-SU-2017:0605-1","SUSE-SU-2017:2700-1","SUSE-SU-2018:0112-1","openSUSE-SU-2024:11125-1","openSUSE-SU-2024:11126-1","openSUSE-SU-2024:11127-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"6.0"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}]}]},"references":[{"type":"WEB","url":"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-1415.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95375"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1801"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1802"},{"type":"ADVISORY","url":"https://eprint.iacr.org/2016/1195"},{"type":"ADVISORY","url":"https://seclists.org/oss-sec/2017/q1/52"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3773"},{"type":"FIX","url":"http://www.securitytracker.com/id/1037575"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056"},{"type":"FIX","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig"},{"type":"FIX","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig"},{"type":"FIX","url":"https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html"},{"type":"FIX","url":"https://security-tracker.debian.org/tracker/CVE-2016-7056"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"0"},{"last_affected":"888759a1d38197f29de7227876c3b58fbff8549f"}],"database_specific":{"cpe":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.0.1u"}]}}],"versions":["OpenSSL_1_0_1","OpenSSL_1_0_1-beta1","OpenSSL_1_0_1-beta2","OpenSSL_1_0_1-beta3","OpenSSL_1_0_1-post-auto-reformat","OpenSSL_1_0_1-post-reformat","OpenSSL_1_0_1-pre-auto-reformat","OpenSSL_1_0_1-pre-reformat","OpenSSL_1_0_1a","OpenSSL_1_0_1b","OpenSSL_1_0_1c","OpenSSL_1_0_1d","OpenSSL_1_0_1e","OpenSSL_1_0_1f","OpenSSL_1_0_1g","OpenSSL_1_0_1h","OpenSSL_1_0_1i","OpenSSL_1_0_1j","OpenSSL_1_0_1k","OpenSSL_1_0_1l","OpenSSL_1_0_1m","OpenSSL_1_0_1n","OpenSSL_1_0_1o","OpenSSL_1_0_1p","OpenSSL_1_0_1q","OpenSSL_1_0_1r","OpenSSL_1_0_1s","OpenSSL_1_0_1t","OpenSSL_1_0_1u"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7056.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}