CVE-2016-7440

CVSS v3.1 5.5 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (10^th)

Affected Products 4

Advisories 8

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-12-13 16:59:10
(7 years ago)
Updated Date: 2022-10-27 15:59:52
(23 months ago)

Affected Products

Configuration #1

	CPE23	From	Up To
Mariadb from 5.5.0 version and prior 5.5.53 version	cpe:2.3:a:mariadb:mariadb	>= 5.5.0	< 5.5.53
Mariadb from 10.0.0 version and prior 10.0.28 version	cpe:2.3:a:mariadb:mariadb	>= 10.0.0	< 10.0.28
Mariadb from 10.1.0 version and prior 10.1.19 version	cpe:2.3:a:mariadb:mariadb	>= 10.1.0	< 10.1.19

Configuration #2

	CPE23	From	Up To
Oracle Mysql from 5.5.0 version and 5.5.52 and prior versions	cpe:2.3:a:oracle:mysql	>= 5.5.0	<= 5.5.52
Oracle Mysql from 5.6.0 version and 5.6.33 and prior versions	cpe:2.3:a:oracle:mysql	>= 5.6.0	<= 5.6.33
Oracle Mysql from 5.7.0 version and 5.7.15 and prior versions	cpe:2.3:a:oracle:mysql	>= 5.7.0	<= 5.7.15

Configuration #3

		CPE23	From	Up To
	Wolfssl prior 3.9.10 version	cpe:2.3:a:wolfssl:wolfssl		< 3.9.10

Configuration #4

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Weaknesses

Affected Products

Debian

Mariadb

Oracle

Wolfssl

Configuration #1

Configuration #2

Configuration #3

Configuration #4