Medium severity5.5NVD Advisory· Published Sep 10, 2018· Updated Jun 17, 2026
CVE-2016-7056
CVE-2016-7056
Description
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25<=1.0.1u+ 1 more
- (no CPE)range: <=1.0.1u
- (no CPE)range: openssl 1.0.1u
- osv-coords23 versionspkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweedpkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITYpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/openssl&distro=SUSE%20Manager%202.1pkg:rpm/suse/openssl&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/openssl&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openssl&distro=SUSE%20Studio%20Onsite%201.3
< 1.0.2u-6.2+ 22 more
- (no CPE)range: < 1.0.2u-6.2
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 0.9.8j-105.1
- (no CPE)range: < 0.9.8j-105.1
- (no CPE)range: < 0.9.8j-105.1
- (no CPE)range: < 0.9.8j-105.1
- (no CPE)range: < 0.9.8j-105.1
- (no CPE)range: < 1.0.1g-0.57.1
- (no CPE)range: < 1.0.1i-54.5.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 1.0.1i-54.5.1
- (no CPE)range: < 1.0.1i-27.28.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 1.0.1i-54.5.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 1.0.1i-54.5.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
- (no CPE)range: < 0.9.8j-0.105.1
Patches
Vulnerability mechanics
References
16- www.securitytracker.com/id/1037575nvdPatchThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.signvdPatchThird Party Advisory
- ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.signvdPatchThird Party Advisory
- people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.htmlnvdPatchThird Party Advisory
- security-tracker.debian.org/tracker/CVE-2016-7056nvdPatchThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2017-1415.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/95375nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1413nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:1414nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:1801nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:1802nvdThird Party Advisory
- eprint.iacr.org/2016/1195nvdThird Party Advisory
- seclists.org/oss-sec/2017/q1/52nvdMailing ListThird Party Advisory
- www.debian.org/security/2017/dsa-3773nvdThird Party Advisory
- git.openssl.orgnvd
News mentions
0No linked articles in our index yet.