Wind River Support Network


LIN7-6062 : Security Advisory - OpenSSL - CVE-2016-2107

Created: May 3, 2016    Updated: Sep 8, 2018
Resolved Date: May 5, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support

This issue was introduced as part of the fix for Lucky 13 padding
attack (CVE-2013-0169). The padding check was rewritten to be in
constant time by making sure that always the same bytes are read and
compared against either the MAC or padding bytes. But it no longer
checked that there was enough data to have both the MAC and padding

This issue was reported to OpenSSL on 13th of April 2016 by Juraj
Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx
of the OpenSSL development team.

Other Downloads


Live chat