// For flags

CVE-2017-3736

openssl: bn_sqrx8x_internal carry bug on x86_64

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Existe un error de propagación de dígito (carry propagation) en el procedimiento de elevación al cuadrado de x86_64 Montgomery en OpenSSL en versiones anteriores a la 1.0.2m y 1.1.0 anteriores a la 1.1.0g. Ningún algoritmo EC se ha visto afectado. El análisis sugiere que los ataques contra RSA y DSA como resultado de este defecto serían muy difíciles de realizar y no se ve probable. Los ataques contra DH se consideran simplemente factibles (aunque muy difíciles) porque la mayoría del trabajo necesario para deducir la información sobre una clave privada se puede realizar offline. La cantidad de recursos necesarios para este ataque sería muy elevada y lo más probable es que solo sea accesible para un número limitado de atacantes. Un atacante necesitaría acceso online a un sistema sin parchear que utilice la clave privada objetivo en una situación con parámetros DH persistentes y una clave privada que se comparte entre múltiples clientes. Esto solo afecta a los procesadores que son compatibles con las extensiones BMI1, BMI2 y ADX como Intel Broadwell (5ª generación) y posteriores o AMD Ryzen.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-16 CVE Reserved
  • 2017-11-02 CVE Published
  • 2024-06-05 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-682: Incorrect Calculation
CAPEC
References (29)
URL Tag Source
http://www.securityfocus.com/bid/101666 Third Party Advisory
http://www.securitytracker.com/id/1039727 Third Party Advisory
https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871 Third Party Advisory
https://security.netapp.com/advisory/ntap-20171107-0002 Issue Tracking
https://security.netapp.com/advisory/ntap-20180117-0002 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html X_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html X_refsource_misc
https://www.tenable.com/security/tns-2017-14 Issue Tracking
https://www.tenable.com/security/tns-2017-15 Third Party Advisory
URL Date SRC
URL Date SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html 2019-04-23
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html 2019-04-23
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html 2019-04-23
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 2019-04-23
URL Date SRC
https://access.redhat.com/errata/RHSA-2018:0998 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2185 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2186 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2187 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2568 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2575 2019-04-23
https://access.redhat.com/errata/RHSA-2018:2713 2019-04-23
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc 2019-04-23
https://security.gentoo.org/glsa/201712-03 2019-04-23
https://www.debian.org/security/2017/dsa-4017 2019-04-23
https://www.debian.org/security/2017/dsa-4018 2019-04-23
https://www.openssl.org/news/secadv/20171102.txt 2019-04-23
https://access.redhat.com/security/cve/CVE-2017-3736 2018-09-17
https://bugzilla.redhat.com/show_bug.cgi?id=1509169 2018-09-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 >= 1.0.2 < 1.0.2m
Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2m"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 >= 1.1.0 < 1.1.0g
Search vendor "Openssl" for product "Openssl" and version " >= 1.1.0 < 1.1.0g"
-
Affected