
CVE-2017-3738 – openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3738
07 Dec 2017 — There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be sign... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-3737 – openssl: Read/write after SSL object in error state
https://notcve.org/view.php?id=CVE-2017-3737
07 Dec 2017 — OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake f... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-125: Out-of-bounds Read CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •

CVE-2017-3736 – openssl: bn_sqrx8x_internal carry bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3736
02 Nov 2017 — There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required fo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •

CVE-2017-3735 – openssl: Malformed X.509 IPAdressFamily could cause OOB read
https://notcve.org/view.php?id=CVE-2017-3735
28 Aug 2017 — While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Al analizar una extensión IPAddressFamily en un certificado X.509, es posible realizar una sobrelectura de un bit. Esto tendría como resultado que el texto del certificado se muestre de forma incorrecta. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVE-2017-3733 – Encrypt-Then-Mac renegotiation crash
https://notcve.org/view.php?id=CVE-2017-3733
16 Feb 2017 — During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. Durante un protocolo de enlace de renegociación, si la extensión Encrypt-Then-Mac es negociada cuando no estaba en el protocolo de enlace original (o viceversa), se podría provocar el cierre inesperado de OpenSSL (dependiente de una suite de cifrad... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •

CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
https://notcve.org/view.php?id=CVE-2016-8610
30 Jan 2017 — A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL de... • https://github.com/cujanovic/CVE-2016-8610-PoC • CWE-400: Uncontrolled Resource Consumption •

CVE-2016-7056 – openssl: ECDSA P-256 timing attack key recovery
https://notcve.org/view.php?id=CVE-2016-7056
30 Jan 2017 — A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. Se ha encontrado un error de ataque de sincronización en OpenSSL, en versiones 1.0.1u y anteriores, que podría permitir que un usuario malicioso con acceso local recupere claves privadas ECDSA P-256 A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. Red Hat JBoss Core Services is a ... • http://rhn.redhat.com/errata/RHSA-2017-1415.html • CWE-320: Key Management Errors CWE-385: Covert Timing Channel •

CVE-2017-3730 – Bad (EC)DHE parameters cause a client crash
https://notcve.org/view.php?id=CVE-2017-3730
26 Jan 2017 — In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. En OpenSSL versión 1.1.0 anterior a 1.1.0d, si un servidor malicioso suministra parámetros incorrectos para un intercambio de claves DHE o ECDHE, entonces esto puede resultar en que el cliente intente desreferenciar un puntero NULL que conduce ... • https://packetstorm.news/files/id/140804 • CWE-476: NULL Pointer Dereference •

CVE-2017-3731 – Truncated packet could crash via OOB read
https://notcve.org/view.php?id=CVE-2017-3731
26 Jan 2017 — If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. Si un servidor o cliente SSL/TLS se ejecuta en un hos... • http://rhn.redhat.com/errata/RHSA-2017-0286.html • CWE-125: Out-of-bounds Read •

CVE-2017-3732 – BN_mod_exp may produce incorrect results on x86_64
https://notcve.org/view.php?id=CVE-2017-3732
26 Jan 2017 — There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources requi... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •