ubuntu · CVE-2016-7798

Quick triage

Priority: low Published: 2017-01-30 00:00:00 UTC Updated: 2025-08-18 17:05:47 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-7798 low priority: Ubuntu including 7 source packages (ruby-attr-encrypted, ruby-encryptor, …), 161 status rows across 23 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, xenial, yakkety, zesty): DNE 110, not-affected 28, ignored 9, needs-triage 7, released 5, needed 2.

Description:

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

cvelogic Threat Intelligence