CVE-2017-3736
Public on
Last Modified:
Description
The CVE Program describes this issue as:
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Additional information
- Bugzilla 1509169: openssl: bn_sqrx8x_internal carry bug on x86_64
- CWE-682: Incorrect Calculation
- FAQ: Frequently asked questions about CVE-2017-3736
Common Vulnerability Scoring System (CVSS) Score Details
Important note
CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).
Red Hat | NVD | |
---|---|---|
CVSS v3 Base Score | 5.9 | 6.5 |
Attack Vector | Network | Network |
Attack Complexity | High | Low |
Privileges Required | None | Low |
User Interaction | None | None |
Scope | Unchanged | Unchanged |
Confidentiality Impact | High | High |
Integrity Impact | None | None |
Availability Impact | None | None |
CVSS v3 Vector
Red Hat: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Understanding the Weakness (CWE)
Availability
Technical Impact: DoS: Crash, Exit, or Restart
If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
Integrity,Confidentiality,Availability
Technical Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands
If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
Access Control
Technical Impact: Gain Privileges or Assume Identity
In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
Access Control
Technical Impact: Bypass Protection Mechanism
If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.
Frequently Asked Questions
Why is Red Hat's CVSS v3 score or Impact different from other vendors?
My product is listed as "Under investigation" or "Affected", when will Red Hat release a fix for this vulnerability?
What can I do if my product is listed as "Will not fix"?
What can I do if my product is listed as "Fix deferred"?
What is a mitigation?
I have a Red Hat product but it is not in the above list, is it affected?
Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed or not affected?
Not sure what something means? Check out our Security Glossary.
Want to get errata notifications? Sign up here.