CVE-2017-3732

moderate-risk

Published 2017-05-04

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

Do I need to act?

5.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (17)

Openssl

Node.Js

Affected Vendors

Openssl Nodejs

References (36)

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Third Party Advisory http://www.securityfocus.com/bid/95814

Third Party Advisory http://www.securitytracker.com/id/1037717

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2185

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2186

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2187

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2568

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2575

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2713

Patch https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c...

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc

Third Party Advisory https://security.gentoo.org/glsa/201702-07

Third Party Advisory https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

Vendor Advisory https://www.openssl.org/news/secadv/20170126.txt

Patch https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Third Party Advisory https://www.tenable.com/security/tns-2017-04

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

and 16 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 8/34 · Low

Exposure 19/34 · Moderate