CVE-2017-3732

CWE-200 — Information Exposure CWE-310 CWE-39913 documents10 sources

Severity

5.9MEDIUM

EPSS

5.2%

top 10.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node.js Openssl Openssl

Timeline

PublishedMay 4

Latest updateMay 14

Description

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of res…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶Debianopenssl< 1.1.0d-1+3

▶CVEListV5openssl/openssl15 versions+14

▶NVDopenssl/openssl12 versions+11

▶NVDnodejs/node.js4.2.0 — 4.7.3+5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-5hg3-8gvm-5294: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1↗2022-05-14

▶

OSV

CVE-2017-3732: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1↗2017-05-04

▶

CVEList

BN_mod_exp may produce incorrect results on x86_64↗2017-05-04

▶

📋Vendor Advisories

BSD

FreeBSD-SA-17:02.openssl: OpenSSL multiple vulnerabilities↗2017-02-23

▶

Ubuntu

OpenSSL vulnerabilities↗2017-01-31

▶

Cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017↗2017-01-31

▶

Red Hat

openssl: BN_mod_exp may produce incorrect results on x86_64↗2017-01-26

▶

Debian

CVE-2017-3732: openssl - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in ...↗2017

▶

💬Community

Bugzilla

CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [fedora-all]↗2017-01-26

▶

Bugzilla

CVE-2017-3731 CVE-2017-3732 openssl: various flaws [fedora-all]↗2017-01-26

▶

Bugzilla

CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64↗2017-01-26

▶

Bugzilla

CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [epel-7]↗2017-01-26

▶