CVE-2016-2183

UNKNOWN

Published 2016-09-01T00:00:00.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2016-2183. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-w2rw-pv8p-h9c8

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-2183

WEB https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633

WEB https://support.f5.com/csp/article/K13167034

WEB https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178

WEB https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613

WEB https://security.netapp.com/advisory/ntap-20170119-0001

WEB https://security.netapp.com/advisory/ntap-20160915-0001

WEB https://security.gentoo.org/glsa/201707-01

WEB https://security.gentoo.org/glsa/201701-65

WEB https://security.gentoo.org/glsa/201612-16

WEB https://seclists.org/bugtraq/2018/Nov/21

WEB https://nodejs.org/en/blog/vulnerability/september-2016-security-releases

WEB https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack

WEB https://kc.mcafee.com/corporate/index?page=content&id=SB10310

WEB https://kc.mcafee.com/corporate/index?page=content&id=SB10215

WEB https://kc.mcafee.com/corporate/index?page=content&id=SB10197

WEB https://kc.mcafee.com/corporate/index?page=content&id=SB10186

WEB https://kc.mcafee.com/corporate/index?page=content&id=SB10171

WEB https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

WEB https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

WEB https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability

WEB https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability

WEB https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue

WEB https://www.tenable.com/security/tns-2017-09

WEB https://www.tenable.com/security/tns-2016-21

WEB https://www.tenable.com/security/tns-2016-20

WEB https://www.tenable.com/security/tns-2016-16

WEB https://www.sigsac.org/ccs/CCS2016/accepted-papers

WEB https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

WEB https://www.oracle.com/security-alerts/cpuoct2021.html

WEB https://www.oracle.com/security-alerts/cpuoct2020.html

WEB https://www.oracle.com/security-alerts/cpujul2020.html

WEB https://www.oracle.com/security-alerts/cpujan2020.html

WEB https://www.oracle.com/security-alerts/cpuapr2020.html

WEB https://www.openssl.org/blog/blog/2016/08/24/sweet32

WEB https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish

WEB https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

WEB https://www.ietf.org/mail-archive/web/tls/current/msg04560.html

WEB https://www.exploit-db.com/exploits/42091

WEB https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

WEB https://wiki.opendaylight.org/view/Security_Advisories

WEB https://sweet32.info

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

WEB https://access.redhat.com/errata/RHSA-2021:0308

WEB https://access.redhat.com/errata/RHSA-2020:3842

WEB https://access.redhat.com/errata/RHSA-2020:0451

WEB https://access.redhat.com/errata/RHSA-2019:2859

WEB https://access.redhat.com/errata/RHSA-2019:1245

WEB https://access.redhat.com/errata/RHSA-2018:2123

WEB https://access.redhat.com/errata/RHSA-2017:3240

WEB https://access.redhat.com/errata/RHSA-2017:3239

WEB https://access.redhat.com/errata/RHSA-2017:3114

WEB https://access.redhat.com/errata/RHSA-2017:3113

WEB https://access.redhat.com/errata/RHSA-2017:2710

WEB https://access.redhat.com/errata/RHSA-2017:2709

WEB https://access.redhat.com/errata/RHSA-2017:2708

WEB https://access.redhat.com/errata/RHSA-2017:1216

WEB https://access.redhat.com/errata/RHSA-2017:0462

WEB https://access.redhat.com/errata/RHSA-2017:0338

WEB https://access.redhat.com/errata/RHSA-2017:0337

WEB https://access.redhat.com/errata/RHSA-2017:0336

WEB https://access.redhat.com/errata/RHSA-2016:1940

WEB https://access.redhat.com/errata/RHBA-2019:2581

WEB https://access.redhat.com/articles/2548661

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984

WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403

WEB https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

WEB https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

WEB https://bugzilla.redhat.com/show_bug.cgi?id=1369383

WEB https://bto.bluecoat.com/security-advisory/sa133

WEB https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls

WEB https://access.redhat.com/security/cve/cve-2016-2183

WEB https://access.redhat.com/errata/RHSA-2021:2438

WEB http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

WEB http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

WEB http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

WEB http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

WEB http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

WEB http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html

WEB http://rhn.redhat.com/errata/RHSA-2017-0336.html

WEB http://rhn.redhat.com/errata/RHSA-2017-0337.html

WEB http://rhn.redhat.com/errata/RHSA-2017-0338.html

WEB http://rhn.redhat.com/errata/RHSA-2017-0462.html

WEB http://seclists.org/fulldisclosure/2017/Jul/31

WEB http://seclists.org/fulldisclosure/2017/May/105

WEB http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697

WEB http://www-01.ibm.com/support/docview.wss?uid=swg21991482

WEB http://www-01.ibm.com/support/docview.wss?uid=swg21995039

WEB http://www.debian.org/security/2016/dsa-3673

WEB http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

WEB http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

WEB http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

WEB http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

WEB http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

WEB http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

WEB http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

WEB http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

WEB http://www.securityfocus.com/archive/1/539885/100/0/threaded

WEB http://www.securityfocus.com/archive/1/540341/100/0/threaded

WEB http://www.securityfocus.com/archive/1/541104/100/0/threaded

WEB http://www.securityfocus.com/archive/1/542005/100/0/threaded

WEB http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded

WEB http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded

WEB http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded

WEB http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded

WEB http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded

WEB http://www.securityfocus.com/bid/92630

WEB http://www.securityfocus.com/bid/95568

WEB http://www.securitytracker.com/id/1036696

WEB http://www.splunk.com/view/SP-CAAAPSV

WEB http://www.splunk.com/view/SP-CAAAPUE

WEB http://www.ubuntu.com/usn/USN-3087-1

WEB http://www.ubuntu.com/usn/USN-3087-2

WEB http://www.ubuntu.com/usn/USN-3179-1

WEB http://www.ubuntu.com/usn/USN-3194-1

WEB http://www.ubuntu.com/usn/USN-3198-1

WEB http://www.ubuntu.com/usn/USN-3270-1

WEB http://www.ubuntu.com/usn/USN-3372-1

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: March 31, 2025

References

https://access.redhat.com/errata/RHSA-2017:3113

http://rhn.redhat.com/errata/RHSA-2017-0338.html

https://www.tenable.com/security/tns-2016-20

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us

https://security.gentoo.org/glsa/201612-16

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415

https://access.redhat.com/errata/RHSA-2017:3240

https://www.tenable.com/security/tns-2016-16

https://access.redhat.com/errata/RHSA-2017:2709

http://www.securityfocus.com/bid/92630

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499

https://www.tenable.com/security/tns-2016-21

https://kc.mcafee.com/corporate/index?page=content&id=SB10171

https://access.redhat.com/errata/RHSA-2017:3239

https://www.exploit-db.com/exploits/42091/

https://security.gentoo.org/glsa/201701-65

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

http://www.securitytracker.com/id/1036696

https://security.netapp.com/advisory/ntap-20160915-0001/

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us

https://security.gentoo.org/glsa/201707-01

http://www.securityfocus.com/bid/95568

https://access.redhat.com/errata/RHSA-2017:3114

https://bto.bluecoat.com/security-advisory/sa133

https://www.tenable.com/security/tns-2017-09

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116

https://access.redhat.com/errata/RHSA-2017:1216

https://wiki.opendaylight.org/view/Security_Advisories

https://access.redhat.com/errata/RHSA-2017:2710

https://security.netapp.com/advisory/ntap-20170119-0001/

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984

https://www.ietf.org/mail-archive/web/tls/current/msg04560.html

https://access.redhat.com/errata/RHSA-2018:2123

http://rhn.redhat.com/errata/RHSA-2017-0337.html

https://access.redhat.com/errata/RHSA-2017:2708

http://rhn.redhat.com/errata/RHSA-2017-0336.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

http://rhn.redhat.com/errata/RHSA-2017-0462.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759

https://kc.mcafee.com/corporate/index?page=content&id=SB10215

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html

http://www.securityfocus.com/archive/1/540341/100/0/threaded

http://www.ubuntu.com/usn/USN-3087-1

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html

http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded

http://www.ubuntu.com/usn/USN-3087-2

http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded

https://kc.mcafee.com/corporate/index?page=content&id=SB10197

https://kc.mcafee.com/corporate/index?page=content&id=SB10186

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html

http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613

http://seclists.org/fulldisclosure/2017/Jul/31

http://www.ubuntu.com/usn/USN-3194-1

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html

https://seclists.org/bugtraq/2018/Nov/21

https://support.f5.com/csp/article/K13167034

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722

http://www.securityfocus.com/archive/1/542005/100/0/threaded

http://www.debian.org/security/2016/dsa-3673

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html

http://www.ubuntu.com/usn/USN-3372-1

http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html

http://www.ubuntu.com/usn/USN-3270-1

http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html

http://seclists.org/fulldisclosure/2017/May/105

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448

http://www.securityfocus.com/archive/1/539885/100/0/threaded

http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415

http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html

http://www.ubuntu.com/usn/USN-3198-1

http://seclists.org/fulldisclosure/2017/May/105

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403

http://www.securityfocus.com/archive/1/541104/100/0/threaded

http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html

http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded

http://www.ubuntu.com/usn/USN-3179-1

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en

https://access.redhat.com/errata/RHSA-2019:1245

https://access.redhat.com/errata/RHSA-2019:2859

https://access.redhat.com/errata/RHSA-2020:0451

https://kc.mcafee.com/corporate/index?page=content&id=SB10310

https://www.oracle.com/security-alerts/cpuapr2020.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://www.oracle.com/security-alerts/cpujul2020.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/security-alerts/cpujan2020.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://sweet32.info/

http://www.splunk.com/view/SP-CAAAPUE

https://bugzilla.redhat.com/show_bug.cgi?id=1369383

https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

https://access.redhat.com/articles/2548661

https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue

http://www.splunk.com/view/SP-CAAAPSV

http://www-01.ibm.com/support/docview.wss?uid=swg21995039

https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

https://www.sigsac.org/ccs/CCS2016/accepted-papers/

http://www-01.ibm.com/support/docview.wss?uid=swg21991482

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

https://access.redhat.com/security/cve/cve-2016-2183

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf