CVE-2017-3738

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Existe un error de desbordamiento en el procedimiento de multiplicación AVX2 Montgomery empleado en la exponenciación con módulos de 1024 bits. Los algoritmos EC no se han visto afectados. Los análisis sugieren que los ataques contra RSA y DSA como resultado de este defecto serían muy difíciles de realizar y se cree que son improbables. Los ataques contra DH102 se consideran solo posibles, ya que la mayor parte del trabajo necesario para deducir información sobre una clave privada puede realizarse sin conexión. La cantidad de recursos necesarios para realizar tal ataque sería significativa. Sin embargo, para que un ataque sobre TLS sea significativo, el servidor tendría que compartir la clave privada DH1024 entre múltiples clientes, lo que ya no es una opción desde CVE-2016-0701. Esto solo afecta a procesadores compatibles con la extensión AVX2, pero no la ADX, como Intel Haswell (cuarta generación). Nota: El impacto de este problema es similar a CVE-2017-3736, CVE-2017-3732 y CVE-2015-3193. Se han visto afectadas las versiones 1.0.2-1.0.2m y 1.1.0-1.1.0g de OpenSSL. Se ha solucionado en OpenSSL 1.0.2n. Debido a la baja gravedad de este problema, no se va a lanzar una nueva versión de OpenSSL 1.1.0 en este momento. La corrección se aplicará en OpenSSL 1.1.0h cuando esté disponible. La corrección también estará disponible en el commit con ID e502cc86d en el repositorio Git de OpenSSL.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-16 CVE Reserved
2017-12-07 CVE Published
2024-03-12 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (29)

URL	Tag	Source
http://www.securityfocus.com/bid/102118	Third Party Advisory
http://www.securitytracker.com/id/1039978	Third Party Advisory
https://security.netapp.com/advisory/ntap-20171208-0001	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us	Third Party Advisory
https://www.tenable.com/security/tns-2017-16	Third Party Advisory
https://www.tenable.com/security/tns-2018-04	Third Party Advisory
https://www.tenable.com/security/tns-2018-06	Third Party Advisory
https://www.tenable.com/security/tns-2018-07	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	2022-08-19
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	2022-08-19
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	2022-08-19
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	2022-08-19
https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a	2022-08-19
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	2022-08-19
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	2022-08-19
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	2022-08-19

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:0998	2022-08-19
https://access.redhat.com/errata/RHSA-2018:2185	2022-08-19
https://access.redhat.com/errata/RHSA-2018:2186	2022-08-19
https://access.redhat.com/errata/RHSA-2018:2187	2022-08-19
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases	2022-08-19
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc	2022-08-19
https://security.gentoo.org/glsa/201712-03	2022-08-19
https://www.debian.org/security/2017/dsa-4065	2022-08-19
https://www.debian.org/security/2018/dsa-4157	2022-08-19
https://www.openssl.org/news/secadv/20171207.txt	2022-08-19
https://www.openssl.org/news/secadv/20180327.txt	2022-08-19
https://access.redhat.com/security/cve/CVE-2017-3738	2018-07-12
https://bugzilla.redhat.com/show_bug.cgi?id=1523510	2018-07-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2a Search vendor "Openssl" for product "Openssl" and version "1.0.2a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2b Search vendor "Openssl" for product "Openssl" and version "1.0.2b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2c Search vendor "Openssl" for product "Openssl" and version "1.0.2c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2d Search vendor "Openssl" for product "Openssl" and version "1.0.2d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2e Search vendor "Openssl" for product "Openssl" and version "1.0.2e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2f Search vendor "Openssl" for product "Openssl" and version "1.0.2f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2g Search vendor "Openssl" for product "Openssl" and version "1.0.2g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2h Search vendor "Openssl" for product "Openssl" and version "1.0.2h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2i Search vendor "Openssl" for product "Openssl" and version "1.0.2i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2j Search vendor "Openssl" for product "Openssl" and version "1.0.2j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2k Search vendor "Openssl" for product "Openssl" and version "1.0.2k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2l Search vendor "Openssl" for product "Openssl" and version "1.0.2l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2m Search vendor "Openssl" for product "Openssl" and version "1.0.2m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0 Search vendor "Openssl" for product "Openssl" and version "1.1.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0a Search vendor "Openssl" for product "Openssl" and version "1.1.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0b Search vendor "Openssl" for product "Openssl" and version "1.1.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0c Search vendor "Openssl" for product "Openssl" and version "1.1.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0d Search vendor "Openssl" for product "Openssl" and version "1.1.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0e Search vendor "Openssl" for product "Openssl" and version "1.1.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0f Search vendor "Openssl" for product "Openssl" and version "1.1.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.1.0g Search vendor "Openssl" for product "Openssl" and version "1.1.0g"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 4.0.0 <= 4.1.2 Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 <= 4.1.2"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 4.2.0 < 4.8.7 Search vendor "Nodejs" for product "Node.js" and version " >= 4.2.0 < 4.8.7"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 6.0.0 <= 6.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.8.1"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 6.9.0 < 6.12.2 Search vendor "Nodejs" for product "Node.js" and version " >= 6.9.0 < 6.12.2"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 8.0.0 <= 8.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 8.0.0 <= 8.8.1"		-		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 8.9.0 < 8.9.3 Search vendor "Nodejs" for product "Node.js" and version " >= 8.9.0 < 8.9.3"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 9.0.0 < 9.2.1 Search vendor "Nodejs" for product "Node.js" and version " >= 9.0.0 < 9.2.1"		-		Affected