Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2017-3736

Disclosure Date: November 02, 2017
CVE-2017-3736
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
OpenSSL 1.1.0 - 1.1.0f
OpenSSL 1.0.2 - 1.0.2l
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • openssl

Products

  • openssl

References

Canonical
CVE-2017-3736 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736)
BID-101666 (http://www.securityfocus.com/bid/101666)
Advisory
https://security.netapp.com/advisory/ntap-20171107-0002
https://access.redhat.com/errata/RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2186
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://access.redhat.com/errata/RHSA-2018:2713
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
DSA-4018 (https://www.debian.org/security/2017/dsa-4018)
GLSA-201712-03 (https://security.gentoo.org/glsa/201712-03)
https://access.redhat.com/errata/RHSA-2018:0998
https://access.redhat.com/errata/RHSA-2018:2575
https://www.tenable.com/security/tns-2017-15
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://access.redhat.com/errata/RHSA-2018:2568
https://www.openssl.org/news/secadv/20171102.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
DSA-4017 (https://www.debian.org/security/2017/dsa-4017)
https://www.tenable.com/security/tns-2017-14
SECTRACK-1039727 (http://www.securitytracker.com/id/1039727)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
https://access.redhat.com/errata/RHSA-2018:2187
https://security.netapp.com/advisory/ntap-20180117-0002
Miscellaneous
https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis