CVE-2016-7056

EPSS 0.33% · P56 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-7056

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

隐蔽时间通道

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSL 加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.0.1u版本及之前版本存在加密问题漏洞。具有本地访问权限的攻击者利用该漏洞可以恢复ECDSA P-256私钥。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
The OpenSSL Project	openssl	openssl 1.0.1u	-

II. Public POCs for CVE-2016-7056

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-7056

请登录查看更多情报信息。

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=8aed2a7548362e88e84a7feb795a3a97e8395008x_refsource_CONFIRM
https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sigx_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2016-7056x_refsource_CONFIRM
CVE-2016-7056 | Ubuntux_refsource_CONFIRM
https://eprint.iacr.org/2016/1195x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056x_refsource_CONFIRM
http://www.securityfocus.com/bid/95375vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037575vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2017/dsa-3773vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-1415.htmlvendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1413vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1801vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1802vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1414vendor-advisoryx_refsource_REDHAT
oss-sec: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2016-7056

IV. Related Vulnerabilities

Same product: openssl

Same weakness: CWE-385

V. Comments for CVE-2016-7056

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2016-7056

I. Basic Information for CVE-2016-7056

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-7056

III. Intelligence Information for CVE-2016-7056

IV. Related Vulnerabilities

V. Comments for CVE-2016-7056

Leave a comment