CVE-2018-0734 – Timing attack against DSA
https://notcve.org/view.php?id=CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://www.securityfocus.com/bid/105758 https://access.redhat.com/errata/RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://git.openssl.org/gitweb/?p=openssl.git%3Ba • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVE-2018-0732 – Client DoS due to large DH parameter
https://notcve.org/view.php?id=CVE-2018-0732
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104442 http://www.securitytracker.com/id/1041090 https://access.redhat.com/errata/RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1297 https://access.redhat.com/errata/ • CWE-320: Key Management Errors CWE-325: Missing Cryptographic Step •
CVE-2017-3738 – openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/102118 http://www.securitytracker.com/id/1039978 https://access.redhat.com/errata/RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-3736 – openssl: bn_sqrx8x_internal carry bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3736
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/101666 http://www.securitytracker.com/id/1039727 https://access.redhat.com/errata/RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.co • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVE-2017-3735 – openssl: Malformed X.509 IPAdressFamily could cause OOB read
https://notcve.org/view.php?id=CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Al analizar una extensión IPAddressFamily en un certificado X.509, es posible realizar una sobrelectura de un bit. Esto tendría como resultado que el texto del certificado se muestre de forma incorrecta. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/100515 http://www.securitytracker.com/id/1039726 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https://cert-portal.siem • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •