Information Disclosure

2020-09-2106:18:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

72.9%

JSON

openssl is vulnerable to information disclosure. The vulenerability exists through the ability to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, if an implementation re-uses a DH secret across multiple TLS connections.

CPENameOperatorVersion
openssl1.0:bioniceq1.0.2n-1ubuntu5
openssl1.0:bioniceq1.0.2n-1ubuntu5.3
openssl:xenialeq1.0.2g-1ubuntu4.16
openssl:xenialeq1.0.2g-1ubuntu4
openssl1.0:bioniceq1.0.2n-1ubuntu5
openssl1.0:bioniceq1.0.2n-1ubuntu5.3
openssl:xenialeq1.0.2g-1ubuntu4.16
openssl:xenialeq1.0.2g-1ubuntu4

Name	Operator	Version
openssl1.0:bionic	eq	1.0.2n-1ubuntu5
openssl1.0:bionic	eq	1.0.2n-1ubuntu5.3
openssl:xenial	eq	1.0.2g-1ubuntu4.16
openssl:xenial	eq	1.0.2g-1ubuntu4
openssl1.0:bionic	eq	1.0.2n-1ubuntu5
openssl1.0:bionic	eq	1.0.2n-1ubuntu5.3
openssl:xenial	eq	1.0.2g-1ubuntu4.16
openssl:xenial	eq	1.0.2g-1ubuntu4