Encryption Protection Bypass The advisory has been revoked - it doesn't affect any version of package openssl Open this link in a new tab

Threat Intelligence

EPSS 0.38% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-OPENSSL-455612
published 30 Jul 2019
disclosed 20 Sep 2016
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 Sep 2016

CVE-2016-7798 Open this link in a new tab CWE-310 Open this link in a new tab

Amendment

This was deemed not a vulnerability.

Overview

openssl is a package that wraps the OpenSSL library.

Affected versions of this package are vulnerable to Encryption Protection Bypass. It uses the same initialization vector in GCM Mode when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Encryption Protection Bypass The advisory has been revoked - it doesn't affect any version of package openssl Open this link in a new tab

Threat Intelligence

Introduced: 20 Sep 2016

Amendment

Overview

References