CVE-2017-3736

Public on

Last Modified: UTC

Description

The CVE Program describes this issue as:

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Additional information

  • Bugzilla 1509169: openssl: bn_sqrx8x_internal carry bug on x86_64
  • CWE-682: Incorrect Calculation
  • FAQ: Frequently asked questions about CVE-2017-3736

Common Vulnerability Scoring System (CVSS) Score Details

Important note

CVSS scores for open source components depend on vendor-specific factors (e.g. version or build chain). Therefore, Red Hat's score and impact rating can be different from NVD and other vendors. Red Hat remains the authoritative CVE Naming Authority (CNA) source for its products and services (see Red Hat classifications).

CVSS v3 Score Breakdown
Red HatNVD

CVSS v3 Base Score

5.9

6.5

Attack Vector

Network

Network

Attack Complexity

High

Low

Privileges Required

None

Low

User Interaction

None

None

Scope

Unchanged

Unchanged

Confidentiality Impact

High

High

Integrity Impact

None

None

Availability Impact

None

None

CVSS v3 Vector

Red Hat: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

NVD: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Understanding the Weakness (CWE)

CWE-682

Availability

Technical Impact: DoS: Crash, Exit, or Restart

If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.

Integrity,Confidentiality,Availability

Technical Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands

If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).

Access Control

Technical Impact: Gain Privileges or Assume Identity

In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.

Access Control

Technical Impact: Bypass Protection Mechanism

If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.

Frequently Asked Questions

Why is Red Hat's CVSS v3 score or Impact different from other vendors?

My product is listed as "Under investigation" or "Affected", when will Red Hat release a fix for this vulnerability?

What can I do if my product is listed as "Will not fix"?

What can I do if my product is listed as "Fix deferred"?

What is a mitigation?

I have a Red Hat product but it is not in the above list, is it affected?

Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed or not affected?

Want to get errata notifications? Sign up here.