Vulnerability Details : CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
Vulnerability category: Information leak
Products affected by CVE-2017-3738
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3738
1.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3738
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-3738
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3738
-
https://www.debian.org/security/2017/dsa-4065
Debian -- Security Information -- DSA-4065-1 openssl1.0Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018Patch;Third Party Advisory
-
https://www.openssl.org/news/secadv/20171207.txt
Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:2185
RHSA-2018:2185 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Critical Patch Update - April 2018Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201712-03
OpenSSL: Multiple vulnerabilities (GLSA 201712-03) — Gentoo securityThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Oracle Critical Patch Update - January 2018Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2186
RHSA-2018:2186 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.tenable.com/security/tns-2018-04
[R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later - Security Advisory | Tenable®Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Oracle Critical Patch Update - July 2019Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1039978
OpenSSL Overflow in rsaz_1024_mul_avx2() Lets Remote Users Obtain Potentially Sensitive Information in Certain Cases and SSL_read()/SSL_write() Error State Bug May Bypass Decryption/Encryption in CertThird Party Advisory;VDB Entry
-
https://security.netapp.com/advisory/ntap-20171208-0001/
December 2017 OpenSSL Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a
bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2. · openssl/openssl@e502cc8 · GitHubPatch;Third Party Advisory
-
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
Data Confidentiality/Integrity Vulnerability, December 2017 | Node.jsVendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:2187
RHSA-2018:2187 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Oracle Critical Patch Update - April 2019Patch;Third Party Advisory
-
https://www.tenable.com/security/tns-2017-16
[R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Critical Patch Update - January 2019Patch;Third Party Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
HPESBST03881 rev.1 - HPE Command View Advanced Edition (CVAE), Local and Remote Access Restriction BypassThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4157
Debian -- Security Information -- DSA-4157-1 opensslThird Party Advisory
-
https://www.tenable.com/security/tns-2018-06
[R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability - Security Advisory | Tenable®Third Party Advisory
-
https://www.tenable.com/security/tns-2018-07
[R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability - Security Advisory | Tenable®Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:0998
RHSA-2018:0998 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/102118
OpenSSL CVE-2017-3738 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://www.openssl.org/news/secadv/20180327.txt
Vendor Advisory
Jump to