Veracode Vulnerability DatabaseVERACODE:3248Information Disclosure
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
mcrypt is vulnerable to information exposure. The vulnerability exists because TLS, SSH, and IPSec protocols have missing validate birthday bound which allows to remote attack access confidential information in system.
References
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html
lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html
lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html
lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html
lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html
lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
rhn.redhat.com/errata/RHSA-2017-0336.html
rhn.redhat.com/errata/RHSA-2017-0337.html
rhn.redhat.com/errata/RHSA-2017-0338.html
rhn.redhat.com/errata/RHSA-2017-0462.html
seclists.org/fulldisclosure/2017/Jul/31
seclists.org/fulldisclosure/2017/May/105
www-01.ibm.com/support/docview.wss?uid=nas8N1021697
www-01.ibm.com/support/docview.wss?uid=swg21991482
www-01.ibm.com/support/docview.wss?uid=swg21995039
www.debian.org/security/2016/dsa-3673
www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
www.securityfocus.com/archive/1/539885/100/0/threaded
www.securityfocus.com/archive/1/540341/100/0/threaded
www.securityfocus.com/archive/1/541104/100/0/threaded
www.securityfocus.com/archive/1/542005/100/0/threaded
www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded
www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded
www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded
www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded
www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded
www.securityfocus.com/bid/92630
www.securityfocus.com/bid/95568
www.securitytracker.com/id/1036696
www.splunk.com/view/SP-CAAAPSV
www.splunk.com/view/SP-CAAAPUE
www.ubuntu.com/usn/USN-3087-1
www.ubuntu.com/usn/USN-3087-2
www.ubuntu.com/usn/USN-3179-1
www.ubuntu.com/usn/USN-3194-1
www.ubuntu.com/usn/USN-3198-1
www.ubuntu.com/usn/USN-3270-1
www.ubuntu.com/usn/USN-3372-1
access.redhat.com/articles/2548661
access.redhat.com/errata/RHBA-2019:2581
access.redhat.com/errata/RHSA-2016:1940
access.redhat.com/errata/RHSA-2017:0336
access.redhat.com/errata/RHSA-2017:0337
access.redhat.com/errata/RHSA-2017:0338
access.redhat.com/errata/RHSA-2017:0462
access.redhat.com/errata/RHSA-2017:1216
access.redhat.com/errata/RHSA-2017:2708
access.redhat.com/errata/RHSA-2017:2709
access.redhat.com/errata/RHSA-2017:2710
access.redhat.com/errata/RHSA-2017:3113
access.redhat.com/errata/RHSA-2017:3114
access.redhat.com/errata/RHSA-2017:3239
access.redhat.com/errata/RHSA-2017:3240
access.redhat.com/errata/RHSA-2018:2123
access.redhat.com/errata/RHSA-2019:1245
access.redhat.com/errata/RHSA-2019:2859
access.redhat.com/errata/RHSA-2020:0451
access.redhat.com/errata/RHSA-2020:3842
access.redhat.com/errata/RHSA-2021:0308
access.redhat.com/errata/RHSA-2021:2438
access.redhat.com/security/cve/cve-2016-2183
blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
bto.bluecoat.com/security-advisory/sa133
bugzilla.redhat.com/show_bug.cgi?id=1369383
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
github.com/ssllabs/ssllabs-scan/issues/481
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
kc.mcafee.com/corporate/index?page=content&id=SB10171
kc.mcafee.com/corporate/index?page=content&id=SB10186
kc.mcafee.com/corporate/index?page=content&id=SB10197
kc.mcafee.com/corporate/index?page=content&id=SB10215
kc.mcafee.com/corporate/index?page=content&id=SB10310
nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
nodejs.org/en/blog/vulnerability/september-2016-security-releases/
seclists.org/bugtraq/2018/Nov/21
security.gentoo.org/glsa/201612-16
security.gentoo.org/glsa/201701-65
security.gentoo.org/glsa/201707-01
security.netapp.com/advisory/ntap-20160915-0001/
security.netapp.com/advisory/ntap-20170119-0001/
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
support.f5.com/csp/article/K13167034
sweet32.info/
wiki.opendaylight.org/view/Security_Advisories
www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
www.exploit-db.com/exploits/42091/
www.ietf.org/mail-archive/web/tls/current/msg04560.html
www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
www.openssl.org/blog/blog/2016/08/24/sweet32/
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
www.sigsac.org/ccs/CCS2016/accepted-papers/
www.tenable.com/security/tns-2016-16
www.tenable.com/security/tns-2016-20
www.tenable.com/security/tns-2016-21
www.tenable.com/security/tns-2017-09
www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N