Sha256: 2cdef37feb89edf6e9302a8d3a0f394b9b811b266b8f4881709c9dc1926757bf
Contents?: true
Size: 482 Bytes
Versions: 1
Compression:
Stored size: 482 Bytes
Contents
--- gem: openssl cve: 2016-7798 url: https://github.com/ruby/openssl/issues/49 date: 2017-10-24 title: Incorrect handling of initialization vector in the GCM mode in OpenSSL description: | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. cvss_v3: 7.5 cvss_v2: 5.0 patched_versions: - ">= 2.0.0"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/openssl/CVE-2016-7798.yml |