CVE-2017-3736

Published: 02/11/2017 Updated: 23/04/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL prior to 1.0.2m and 1.1.0 prior to 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
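A triage check for the two conditions the summary names (an unfixed OpenSSL version and a CPU with BMI1, BMI2 and ADX), added here as an example and not taken from OpenSSL or any vendor advisory. It assumes an `openssl version` banner and Linux `/proc/cpuinfo` flag names (`bmi1`, `bmi2`, `adx`); the function names and the sample inputs are constructed for illustration.

```python
import re

# Linux /proc/cpuinfo names for the extensions the summary lists (assumed platform).
REQUIRED_CPU_FLAGS = {"bmi1", "bmi2", "adx"}

def parse_openssl_version(banner):
    """Split e.g. 'OpenSSL 1.0.2k-fips  26 Jan 2017' into ((1, 0, 2), 'k')."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if not m:
        raise ValueError("no OpenSSL version in %r" % banner)
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)

def _letter_key(letter):
    # Patch letters order as '', a..z, za..zz: shorter first, then alphabetical.
    return (len(letter), letter)

def version_is_unfixed(banner):
    """Apply the summary's ranges literally: before 1.0.2m, and 1.1.0 before 1.1.0g."""
    numeric, letter = parse_openssl_version(banner)
    if numeric == (1, 1, 0):
        return _letter_key(letter) < _letter_key("g")
    if numeric == (1, 0, 2):
        return _letter_key(letter) < _letter_key("m")
    return numeric < (1, 0, 2)

def cpu_has_affected_extensions(cpuinfo_text):
    """True only if the first 'flags' line carries all three extensions."""
    for line in cpuinfo_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == "flags":
            return REQUIRED_CPU_FLAGS <= set(value.split())
    return False

def triage(banner, cpuinfo_text):
    if not version_is_unfixed(banner):
        return "fixed-version"
    if cpu_has_affected_extensions(cpuinfo_text):
        return "exposed"
    return "unfixed-version-cpu-lacks-extensions"

# Constructed sample inputs (not captured from real hosts).
WITH_ADX = "model name\t: constructed\nflags\t\t: fpu sse2 avx2 bmi1 bmi2 adx\n"
WITHOUT_ADX = "model name\t: constructed\nflags\t\t: fpu sse2 avx2 bmi1 bmi2\n"

if __name__ == "__main__":
    for banner in ("OpenSSL 1.0.2k-fips  26 Jan 2017", "OpenSSL 1.1.0g  2 Nov 2017"):
        print(banner, "->", triage(banner, WITH_ADX), "/", triage(banner, WITHOUT_ADX))
```

Distribution packages often backport the fix without changing the upstream version string, so an "exposed" result should be confirmed against the vendor advisory for the installed package.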

Vulnerable Product

openssl openssl

Vendor Advisories

Several security issues were fixed in OpenSSL ...
Synopsis: Important: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Moderate: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available. Red Hat Product Security has rated this release as having a security impact of Moderate. A ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as ...
Synopsis: Moderate: openssl security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this release as h ...
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735: It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate ...
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, becaus ...
bn_sqrx8x_internal carry bug on x86_64. There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks agai ...
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (a ...
A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficu ...
Multiple vulnerabilities have been found in JP1. CVE-2017-3736, CVE-2017-3738. Affected products and versions are listed below. Please upgrade your version to the appropriate version. This problem occurs only if the SSL function is being used ...
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL library to address the potentia ...
SecurityCenter leverages third-party software to help provide underlying functionality. Two of the third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled PHP and OpenSSL to add ...

References

CWE-200
https://www.openssl.org/news/secadv/20171102.txt
http://www.securitytracker.com/id/1039727
https://www.debian.org/security/2017/dsa-4018
https://www.debian.org/security/2017/dsa-4017
http://www.securityfocus.com/bid/101666
https://security.netapp.com/advisory/ntap-20171107-0002/
https://www.tenable.com/security/tns-2017-14
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://www.tenable.com/security/tns-2017-15
https://security.gentoo.org/glsa/201712-03
https://security.netapp.com/advisory/ntap-20180117-0002/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871
https://access.redhat.com/errata/RHSA-2018:0998
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://access.redhat.com/errata/RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2185
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://access.redhat.com/errata/RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2713
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://usn.ubuntu.com/3475-1/
https://nvd.nist.gov