<p>Upgrade <code>OpenSSL</code> to version 1.0.207 or higher.</p>

Cryptographic Issues Affecting openssl package, versions >=1.0.200, <1.0.207

Threat Intelligence

95.24% (100^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-COCOAPODS-OPENSSL-471144
published 2 Oct 2019
disclosed 1 Mar 2016
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 1 Mar 2016

CVE-2016-0800 Open this link in a new tab CWE-200 Open this link in a new tab CWE-310 Open this link in a new tab

How to fix?

Upgrade OpenSSL to version 1.0.207 or higher.

Overview

OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.

Affected versions of this package are vulnerable to Cryptographic Issues. OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

None
Availability (A)

None

Cryptographic Issues Affecting openssl package, versions >=1.0.200, <1.0.207

Severity

CVSS assessment made by Snyk's Security Team