CVE-2017-3738

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2017-3738
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2017-12-07 16:29:00 UTC
Updated2022-08-19 11:49:00 UTC
DescriptionThere is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 8.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js All All All All
Application Openssl Openssl 1.0.2 All All All
Application Openssl Openssl 1.0.2 beta1 All All
Application Openssl Openssl 1.0.2 beta2 All All
Application Openssl Openssl 1.0.2 beta3 All All
Application Openssl Openssl 1.0.2a All All All
Application Openssl Openssl 1.0.2b All All All
Application Openssl Openssl 1.0.2c All All All
Application Openssl Openssl 1.0.2d All All All
Application Openssl Openssl 1.0.2e All All All
Application Openssl Openssl 1.0.2f All All All
Application Openssl Openssl 1.0.2g All All All
Application Openssl Openssl 1.0.2h All All All
Application Openssl Openssl 1.0.2i All All All
Application Openssl Openssl 1.0.2j All All All
Application Openssl Openssl 1.0.2k All All All
Application Openssl Openssl 1.0.2l All All All
Application Openssl Openssl 1.0.2m All All All
Application Openssl Openssl 1.1.0 All All All
Application Openssl Openssl 1.1.0a All All All
Application Openssl Openssl 1.1.0b All All All
Application Openssl Openssl 1.1.0c All All All
Application Openssl Openssl 1.1.0d All All All
Application Openssl Openssl 1.1.0e All All All
Application Openssl Openssl 1.1.0f All All All
Application Openssl Openssl 1.1.0g All All All
Application Openssl Openssl 1.0.2 All All All
Application Openssl Openssl 1.0.2 beta1 All All
Application Openssl Openssl 1.0.2 beta2 All All
Application Openssl Openssl 1.0.2 beta3 All All
Application Openssl Openssl 1.0.2a All All All
Application Openssl Openssl 1.0.2b All All All
Application Openssl Openssl 1.0.2c All All All
Application Openssl Openssl 1.0.2d All All All
Application Openssl Openssl 1.0.2e All All All
Application Openssl Openssl 1.0.2f All All All
Application Openssl Openssl 1.0.2g All All All
Application Openssl Openssl 1.0.2h All All All
Application Openssl Openssl 1.0.2i All All All
Application Openssl Openssl 1.0.2j All All All
Application Openssl Openssl 1.0.2k All All All
Application Openssl Openssl 1.0.2l All All All
Application Openssl Openssl 1.0.2m All All All
Application Openssl Openssl 1.1.0 All All All
Application Openssl Openssl 1.1.0a All All All
Application Openssl Openssl 1.1.0b All All All
Application Openssl Openssl 1.1.0c All All All
Application Openssl Openssl 1.1.0d All All All
Application Openssl Openssl 1.1.0e All All All
Application Openssl Openssl 1.1.0f All All All
Application Openssl Openssl 1.1.0g All All All

References

ReferenceSourceLinkTags
OpenSSL: Multiple vulnerabilities (GLSA 201712-03) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
Document Display | HPE Support Center CONFIRM support.hpe.com
Debian -- Security Information -- DSA-4065-1 openssl1.0 DEBIAN www.debian.org Third Party Advisory
Oracle Critical Patch Update - January 2018 CONFIRM www.oracle.com
CPU July 2018 CONFIRM www.oracle.com
Oracle Critical Patch Update - April 2018 CONFIRM www.oracle.com
FreeBSD-SA-17:12 FREEBSD security.FreeBSD.org Third Party Advisory
www.openssl.org/news/secadv/20180327.txt CONFIRM www.openssl.org
Red Hat Customer Portal REDHAT access.redhat.com
OpenSSL CVE-2017-3738 Information Disclosure Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
[R1] Nessus Network Monitor 5.5.0 Fixes One Third-party Vulnerability - Security Advisory | Tenable® CONFIRM www.tenable.com
Oracle Critical Patch Update - January 2019 CONFIRM www.oracle.com
Debian -- Security Information -- DSA-4157-1 openssl DEBIAN www.debian.org
December 2017 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com Third Party Advisory
Oracle Critical Patch Update - July 2019 MISC www.oracle.com
[R1] Industrial Security 1.1.0 Fixes One Third-party Vulnerability - Security Advisory | Tenable® CONFIRM www.tenable.com
[R2] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® CONFIRM www.tenable.com
Red Hat Customer Portal REDHAT access.redhat.com
Red Hat Customer Portal REDHAT access.redhat.com
CPU Oct 2018 CONFIRM www.oracle.com
Red Hat Customer Portal REDHAT access.redhat.com
Data Confidentiality/Integrity Vulnerability, December 2017 | Node.js CONFIRM nodejs.org Third Party Advisory
OpenSSL Overflow in rsaz_1024_mul_avx2() Lets Remote Users Obtain Potentially Sensitive Information in Certain Cases and SSL_read()/SSL_write() Error State Bug May Bypass Decryption/Encryption in Certain Application Dependent Cases - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2. · openssl/openssl@e502cc8 · GitHub MISC github.com
www.openssl.org/news/secadv/20171207.txt CONFIRM www.openssl.org Vendor Advisory
[R1] OpenSSL Stand-alone Patch Available for SecurityCenter versions 5.0 or Later - Security Advisory | Tenable® CONFIRM www.tenable.com
Oracle Critical Patch Update Advisory - April 2019 MISC www.oracle.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 710507 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 201712-03)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report