Showing 1 - 4 of 4

CVE-2017-3736

Status Candidate

Overview

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Related Files

Red Hat Security Advisory 2018-0998-01: Posted Apr 11, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-0998-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an overflow issue.; tags | advisory, overflow, protocol; systems | linux, redhat; advisories | CVE-2017-3736, CVE-2017-3737, CVE-2017-3738; MD5 | 0460d02f78c5236ec33d13a700d9ec15; Download | Favorite | Comments (0)

Gentoo Linux Security Advisory 201712-03: Posted Dec 15, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738; MD5 | 424fb2f54f934bbdb186d90e169c3306; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-3475-1: Posted Nov 6, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3475-1 - It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. Various other issues were also addressed.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2017-3735, CVE-2017-3736; MD5 | 0c64cb5d962437f833874411911c027a; Download | Favorite | Comments (0)

OpenSSL Toolkit 1.0.2m: Posted Nov 4, 2017; Site openssl.org; OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.; Changes: bn_sqrx8x_internal carry bug on x86_64 was addressed. A malformed X.509 IPAddressFamily out-of-bounds read was addressed.; tags | tool, encryption, protocol; systems | unix; advisories | CVE-2017-3735, CVE-2017-3736; MD5 | 10e9e37f492094b9ef296f68f24a7666; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 135 files
Ubuntu 38 files
Debian 30 files
Ozkan Mustafa Akkus 25 files
Borna Nematzadeh 18 files
Google Security Research 15 files
Slackware Security Team 12 files
Gentoo 12 files
t4rkd3vilz 11 files
LiquidWorm 10 files

File Archives

Systems

AIX (409)
Apple (1,546)
BSD (335)
Cisco (1,810)
Debian (5,516)
Fedora (1,681)
FreeBSD (1,195)
Gentoo (3,573)
HPUX (865)
iOS (173)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,476)
Mac OS X (652)
Mandriva (3,105)
NetBSD (255)
OpenBSD (456)
RedHat (6,544)
Slackware (827)
Solaris (1,569)
SUSE (1,444)
Ubuntu (5,632)
UNIX (8,268)
UnixWare (172)
Windows (5,334)
Other