PatchSiren cyber security CVE debrief
CVE-2016-7798 Debian CVE debrief
CVE-2016-7798 is a high-severity weakness in the Ruby openssl gem and in the Debian packages that ship it. According to NVD, when AES-GCM is used and the IV is set before the key, the library ends up using the same IV, which undermines the protection that GCM is meant to provide. The issue was publicly disclosed through mailing list discussion and a patch reference in 2016, and the CVE was published on 2017-01-30.
- Vendor: Debian
- Product: CVE-2016-7798
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-30
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-30
- Advisory updated: 2026-05-13
Who should care
Teams that maintain Ruby applications using the openssl gem, especially code that relies on AES-GCM (aes-*-gcm), and Debian administrators responsible for affected packages. Security teams should also care if the application handles sensitive data over untrusted networks or depends on GCM for confidentiality guarantees.
Technical summary
NVD describes the flaw as IV reuse in GCM mode when the IV is set before the key. Reusing a GCM IV (nonce) under the same key weakens confidentiality and makes the encryption protection unreliable; NVD phrases the impact as context-dependent. The NVD entry maps the weakness to CWE-326 and gives a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The supplied CPE data marks ruby-lang:openssl versions before 2.0.0 as vulnerable, along with Debian Linux 8.0 and 9.0 entries.
Defensive priority
High. The attack is network-reachable, requires no privileges or user interaction, and can affect confidentiality. Prioritize any exposed Ruby service that uses the openssl gem for AES-GCM.
Recommended defensive actions
- Check whether your Ruby environment uses the openssl gem and whether AES-GCM is used anywhere in the application or dependencies.
- Upgrade to a fixed ruby/openssl gem release or apply the vendor patch referenced in the upstream commit and related advisories.
- Review code paths that set the IV and the key separately; ensure the key is assigned before the IV (the ordering the patch makes safe) and follow any documented safe usage patterns.
- For Debian systems, verify whether installed packages are covered by the Debian security advisories linked in the record and apply available updates.
- Treat any sensitive-data workflows using AES-GCM as high priority for validation, regression testing, and redeployment after patching.
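As an added example (not code from the PatchSiren record or from the ruby/openssl project), the following Ruby shows the key-then-IV ordering for AES-256-GCM with the standard-library `openssl` bindings, plus a regression check that deliberately runs the iv-before-key order on two distinct IVs and reports whether the library silently reused the IV. The helper names, the `canary` plaintext and the use of AES-256 are assumptions of this example.

```ruby
require 'openssl'

# Added example for the CVE-2016-7798 ordering bug: vulnerable gem releases used
# the same GCM IV whenever Cipher#iv= was called before Cipher#key=.
GCM_IV_LEN = 12 # 96-bit nonce, the standard GCM IV length

# Safe ordering: key first, then a fresh random IV, then AAD, then data.
# Returns [iv, ciphertext, tag]; the caller stores or transmits all three.
def gcm_encrypt(key, plaintext, aad = '')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key                                   # key BEFORE iv
  iv = OpenSSL::Random.random_bytes(GCM_IV_LEN)      # never reuse under one key
  cipher.iv = iv
  cipher.auth_data = aad unless aad.empty?           # AAD must precede update
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, ciphertext, cipher.auth_tag]                  # tag available after final
end

# Same ordering on the decrypt side; #final raises OpenSSL::Cipher::CipherError
# when the tag does not match the ciphertext, IV, key or AAD.
def gcm_decrypt(key, iv, ciphertext, tag, aad = '')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad unless aad.empty?
  cipher.update(ciphertext) + cipher.final
end

# Regression check to run after upgrading the gem: encrypt the same short
# plaintext twice using the vulnerable call order (iv= before key=) with two
# distinct random IVs. A correct library yields two different ciphertexts; a
# library that discards the caller's IV yields identical ones, i.e. IV reuse.
def iv_reuse_detected?
  key = OpenSSL::Random.random_bytes(32)
  outputs = 2.times.map do
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.iv = OpenSSL::Random.random_bytes(GCM_IV_LEN) # deliberately iv first
    cipher.key = key
    cipher.update('canary') + cipher.final
  end
  outputs[0] == outputs[1]
end
```

A patched gem returns `false` from `iv_reuse_detected?`; treat `true` as a blocking finding for any deployment that relies on GCM.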
Evidence notes
Primary evidence comes from the NVD description and CVSS vector in the supplied source item. The NVD CPE criteria identify ruby-lang:openssl versions before 2.0.0 as vulnerable and also list Debian 8.0 and 9.0. The weaknesses field maps the issue to CWE-326. Supporting references include the upstream patch commit in the ruby/openssl repository, multiple oss-security mailing list posts, a Debian security advisory, and a Debian LTS announcement.
Official resources
- CVE-2016-7798 CVE record (CVE.org)
- CVE-2016-7798 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Mailing List, Third Party Advisory
- Mitigation or vendor reference: Mailing List, Patch, Third Party Advisory
- Mitigation or vendor reference: Mailing List, Third Party Advisory
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Patch, Third Party Advisory
- Mitigation or vendor reference: Exploit, Third Party Advisory
- Mitigation or vendor reference: Mailing List, Third Party Advisory
The issue was publicly referenced in September and October 2016 mailing list posts and patch material, and the CVE was published by NVD on 2017-01-30. The supplied record was later modified on 2026-05-13, but that modification date is not the issue date.