CVE-2017-3732
BN_mod_exp may produce incorrect results on x86_64
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.
Hay un error de propagación de dígito (carry propagation) en el procedimiento de elevación al cuadrado de Montgomery x86_64 en OpenSSL versiones 1.0.2 anteriores a la 1.0.2k y versiones 1.1.0 anteriores a la 1.1.0d. Ningún algoritmo de curva elíptica (EC) se ve afectado. El análisis sugiere que los ataques contra RSA y DSA que se realizan como resultado de este defecto serían muy difíciles de realizar y no muy probables. Los ataques contra DH se consideran factibles (aunque muy difíciles) ya que la mayoría del trabajo necesario para deducir información sobre una clave privada se puede realizar sin conexión La cantidad de recursos requeridos para este tipo de ataque sería muy significativa y, probablemente, solo estaría accesible para un número limitado de atacantes. Un atacante podría necesitar, además, acceso a un sistema sin parches que utilice la clave privada del objetivo en un escenario con parámetros DH persistentes y una clave privada que se comparte entre múltiples clientes. Por ejemplo, esto puede ocurrir por defecto en las suites de cifrado SSL/TLS basadas en DHE de OpenSSL. Nota: Este problema es muy similar a CVE-2015-3193, pero debe tratarse como un problema separado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-16 CVE Reserved
- 2017-01-26 CVE Published
- 2023-08-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95814 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037717 | Third Party Advisory | |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us | Third Party Advisory | |
| https://www.tenable.com/security/tns-2017-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2185 | 2022-08-29 | |
| https://access.redhat.com/errata/RHSA-2018:2186 | 2022-08-29 | |
| https://access.redhat.com/errata/RHSA-2018:2187 | 2022-08-29 | |
| https://access.redhat.com/errata/RHSA-2018:2568 | 2022-08-29 | |
| https://access.redhat.com/errata/RHSA-2018:2575 | 2022-08-29 | |
| https://access.redhat.com/errata/RHSA-2018:2713 | 2022-08-29 | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc | 2022-08-29 | |
| https://security.gentoo.org/glsa/201702-07 | 2022-08-29 | |
| https://www.openssl.org/news/secadv/20170126.txt | 2022-08-29 | |
| https://access.redhat.com/security/cve/CVE-2017-3732 | 2018-09-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1416856 | 2018-09-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta1 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta2 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta3 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2a Search vendor "Openssl" for product "Openssl" and version "1.0.2a" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2b Search vendor "Openssl" for product "Openssl" and version "1.0.2b" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2c Search vendor "Openssl" for product "Openssl" and version "1.0.2c" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2d Search vendor "Openssl" for product "Openssl" and version "1.0.2d" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2e Search vendor "Openssl" for product "Openssl" and version "1.0.2e" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2f Search vendor "Openssl" for product "Openssl" and version "1.0.2f" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2h Search vendor "Openssl" for product "Openssl" and version "1.0.2h" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2i Search vendor "Openssl" for product "Openssl" and version "1.0.2i" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.1.0a Search vendor "Openssl" for product "Openssl" and version "1.1.0a" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.1.0b Search vendor "Openssl" for product "Openssl" and version "1.1.0b" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.1.0c Search vendor "Openssl" for product "Openssl" and version "1.1.0c" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 4.0.0 <= 4.1.2 Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 <= 4.1.2" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 4.2.0 < 4.7.3 Search vendor "Nodejs" for product "Node.js" and version " >= 4.2.0 < 4.7.3" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 5.0.0 <= 5.12.0 Search vendor "Nodejs" for product "Node.js" and version " >= 5.0.0 <= 5.12.0" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.0.0 <= 6.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.8.1" | - |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.9.0 < 6.9.5 Search vendor "Nodejs" for product "Node.js" and version " >= 6.9.0 < 6.9.5" | lts |
Affected
| ||||||
| Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 7.0.0 < 7.5.0 Search vendor "Nodejs" for product "Node.js" and version " >= 7.0.0 < 7.5.0" | - |
Affected
| ||||||