CVE-2016-2183

Public Exploit

Description

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Category

CVSS: 7.5
Severity: High
EPSS: 40.60% (Top 5%)
Affected: n/a n/a

References

Link Tags
https://access.redhat.com/errata/RHSA-2017:3113 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2017-0338.html third party advisory vendor advisory
https://www.tenable.com/security/tns-2016-20 third party advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us third party advisory
https://security.gentoo.org/glsa/201612-16 third party advisory vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 third party advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415 third party advisory
https://access.redhat.com/errata/RHSA-2017:3240 third party advisory vendor advisory
https://www.tenable.com/security/tns-2016-16 third party advisory
https://access.redhat.com/errata/RHSA-2017:2709 third party advisory vendor advisory
http://www.securityfocus.com/bid/92630 vdb entry third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499 third party advisory
https://www.tenable.com/security/tns-2016-21 third party advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10171 third party advisory
https://access.redhat.com/errata/RHSA-2017:3239 third party advisory vendor advisory
https://www.exploit-db.com/exploits/42091/ exploit vdb entry third party advisory
https://security.gentoo.org/glsa/201701-65 third party advisory vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 third party advisory
http://www.securitytracker.com/id/1036696 vdb entry third party advisory
https://security.netapp.com/advisory/ntap-20160915-0001/ third party advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us third party advisory
https://security.gentoo.org/glsa/201707-01 third party advisory vendor advisory
http://www.securityfocus.com/bid/95568 vdb entry third party advisory
https://access.redhat.com/errata/RHSA-2017:3114 third party advisory vendor advisory
https://bto.bluecoat.com/security-advisory/sa133 third party advisory
https://www.tenable.com/security/tns-2017-09 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849 third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116 third party advisory
https://access.redhat.com/errata/RHSA-2017:1216 third party advisory vendor advisory
https://wiki.opendaylight.org/view/Security_Advisories third party advisory
https://access.redhat.com/errata/RHSA-2017:2710 third party advisory vendor advisory
https://security.netapp.com/advisory/ntap-20170119-0001/ third party advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984 third party advisory
https://www.ietf.org/mail-archive/web/tls/current/msg04560.html third party advisory mailing list
https://access.redhat.com/errata/RHSA-2018:2123 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2017-0337.html third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2017:2708 third party advisory vendor advisory
http://rhn.redhat.com/errata/RHSA-2017-0336.html third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html third party advisory vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 third party advisory
http://rhn.redhat.com/errata/RHSA-2017-0462.html third party advisory vendor advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 third party advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 third party advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html mailing list third party advisory vendor advisory
http://www.securityfocus.com/archive/1/540341/100/0/threaded mailing list vdb entry third party advisory
http://www.ubuntu.com/usn/USN-3087-1 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html mailing list third party advisory vendor advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html mailing list third party advisory vendor advisory
http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded mailing list vdb entry third party advisory
http://www.ubuntu.com/usn/USN-3087-2 third party advisory vendor advisory
http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded mailing list vdb entry third party advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10197 third party advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10186 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html mailing list third party advisory vendor advisory
http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded mailing list vdb entry third party advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html mailing list third party advisory vendor advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613 third party advisory
http://seclists.org/fulldisclosure/2017/Jul/31 third party advisory mailing list
http://www.ubuntu.com/usn/USN-3194-1 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html mailing list third party advisory vendor advisory
https://seclists.org/bugtraq/2018/Nov/21 third party advisory mailing list
https://support.f5.com/csp/article/K13167034 third party advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722 third party advisory
http://www.securityfocus.com/archive/1/542005/100/0/threaded mailing list vdb entry third party advisory
http://www.debian.org/security/2016/dsa-3673 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html mailing list third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-3372-1 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html mailing list third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-3270-1 third party advisory vendor advisory
http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded mailing list vdb entry third party advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html mailing list third party advisory vendor advisory
http://seclists.org/fulldisclosure/2017/May/105 third party advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html mailing list third party advisory vendor advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 third party advisory
http://www.securityfocus.com/archive/1/539885/100/0/threaded mailing list vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html mailing list third party advisory vendor advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415 third party advisory
http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html mailing list third party advisory vendor advisory
http://www.ubuntu.com/usn/USN-3198-1 third party advisory vendor advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403 third party advisory
http://www.securityfocus.com/archive/1/541104/100/0/threaded mailing list vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html mailing list third party advisory vendor advisory
http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded mailing list vdb entry third party advisory
http://www.ubuntu.com/usn/USN-3179-1 third party advisory vendor advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en third party advisory
https://access.redhat.com/errata/RHSA-2019:1245 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:2859 third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2020:0451 third party advisory vendor advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10310 third party advisory
https://www.oracle.com/security-alerts/cpuapr2020.html third party advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html third party advisory patch
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html third party advisory patch
https://www.oracle.com/security-alerts/cpujul2020.html third party advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html third party advisory patch
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html third party advisory patch
https://www.oracle.com/security-alerts/cpujan2020.html third party advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html third party advisory patch
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html third party advisory patch
https://sweet32.info/ third party advisory technical description
http://www.splunk.com/view/SP-CAAAPUE third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1369383 issue tracking third party advisory
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/ press/media coverage third party advisory technical description
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html third party advisory
https://access.redhat.com/articles/2548661 third party advisory mitigation
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue third party advisory
http://www.splunk.com/view/SP-CAAAPSV third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21995039 third party advisory
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633 third party advisory
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ third party advisory
https://www.sigsac.org/ccs/CCS2016/accepted-papers/ third party advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21991482 third party advisory
https://www.openssl.org/blog/blog/2016/08/24/sweet32/ press/media coverage third party advisory mitigation
https://access.redhat.com/security/cve/cve-2016-2183 third party advisory
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/ press/media coverage third party advisory technical description
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 third party advisory us government resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html third party advisory
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/ press/media coverage third party advisory technical description
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 third party advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 third party advisory
https://www.oracle.com/security-alerts/cpuoct2020.html third party advisory
https://www.oracle.com/security-alerts/cpuoct2021.html third party advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 third party advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability

Frequently Asked Questions

What is the severity of CVE-2016-2183?
CVE-2016-2183 has been scored as a high severity vulnerability.
How to fix CVE-2016-2183?
To fix CVE-2016-2183, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2016-2183 being actively exploited in the wild?
It is possible that CVE-2016-2183 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~41% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.