CVE-2017-3738: Infoleak
First published: Thu Dec 07 2017(Updated: )
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.
Credit: openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSL OpenSSL | =1.0.2 | |
| OpenSSL OpenSSL | =1.0.2-beta1 | |
| OpenSSL OpenSSL | =1.0.2-beta2 | |
| OpenSSL OpenSSL | =1.0.2-beta3 | |
| OpenSSL OpenSSL | =1.0.2a | |
| OpenSSL OpenSSL | =1.0.2b | |
| OpenSSL OpenSSL | =1.0.2c | |
| OpenSSL OpenSSL | =1.0.2d | |
| OpenSSL OpenSSL | =1.0.2e | |
| OpenSSL OpenSSL | =1.0.2f | |
| OpenSSL OpenSSL | =1.0.2g | |
| OpenSSL OpenSSL | =1.0.2h | |
| OpenSSL OpenSSL | =1.0.2i | |
| OpenSSL OpenSSL | =1.0.2j | |
| OpenSSL OpenSSL | =1.0.2k | |
| OpenSSL OpenSSL | =1.0.2l | |
| OpenSSL OpenSSL | =1.0.2m | |
| OpenSSL OpenSSL | =1.1.0 | |
| OpenSSL OpenSSL | =1.1.0a | |
| OpenSSL OpenSSL | =1.1.0b | |
| OpenSSL OpenSSL | =1.1.0c | |
| OpenSSL OpenSSL | =1.1.0d | |
| OpenSSL OpenSSL | =1.1.0e | |
| OpenSSL OpenSSL | =1.1.0f | |
| OpenSSL OpenSSL | =1.1.0g | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Nodejs Node.js | >=4.0.0<=4.1.2 | |
| Nodejs Node.js | >=4.2.0<4.8.7 | |
| Nodejs Node.js | >=6.0.0<=6.8.1 | |
| Nodejs Node.js | >=6.9.0<6.12.2 | |
| Nodejs Node.js | >=8.0.0<=8.8.1 | |
| Nodejs Node.js | >=8.9.0<8.9.3 | |
| Nodejs Node.js | >=9.0.0<9.2.1 | |
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u2 3.1.4-2 | |
| redhat/openssl | <1.0.2 | 1.0.2 |
| <=10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
- https://www.ibm.com/support/pages/node/7057377 (Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/102118
- http://www.securitytracker.com/id/1039978
- https://access.redhat.com/errata/RHSA-2018:0998
- https://access.redhat.com/errata/RHSA-2018:2185
- https://access.redhat.com/errata/RHSA-2018:2186
- https://access.redhat.com/errata/RHSA-2018:2187
- https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a
- https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
- https://security.gentoo.org/glsa/201712-03
- https://security.netapp.com/advisory/ntap-20171208-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us
- https://www.debian.org/security/2017/dsa-4065
- https://www.debian.org/security/2018/dsa-4157
- https://www.openssl.org/news/secadv/20171207.txt
- https://www.openssl.org/news/secadv/20180327.txt
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2017-16
- https://www.tenable.com/security/tns-2018-04
- https://www.tenable.com/security/tns-2018-06
- https://www.tenable.com/security/tns-2018-07
- https://access.redhat.com/security/cve/CVE-2016-0701
- https://access.redhat.com/security/cve/CVE-2017-3736
- https://access.redhat.com/security/cve/CVE-2017-3732
- https://access.redhat.com/security/cve/CVE-2015-3193
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523513
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523511
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523512
- https://github.com/openssl/openssl/commit/5630661aecbea5fe3c4740f5fea744a1f07a6253
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi?id=1523510
- https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
- https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
- https://security-tracker.debian.org/tracker/CVE-2017-3738
Frequently Asked Questions
What is CVE-2017-3738?
CVE-2017-3738 is a vulnerability in OpenSSL that could allow a remote attacker to obtain sensitive information caused by an overflow bug in the AVX2 Montgomery multiplication procedure.
Which software versions are affected by CVE-2017-3738?
Versions 1.0.2 up to and excluding 1.1.0 of OpenSSL, as well as certain versions of Node.js and IBM Security Verify Governance, are affected by CVE-2017-3738.
What is the severity of CVE-2017-3738?
The severity of CVE-2017-3738 is medium, with a CVSS score of 5.9.
Are RSA and DSA algorithms affected by CVE-2017-3738?
No, analysis suggests that attacks against RSA and DSA as a result of this vulnerability would be very difficult to perform and are not believed likely.
Where can I find more information about CVE-2017-3738?
You can find more information about CVE-2017-3738 on the Red Hat website: [link1], [link2], [link3].
- collector/nvd-index
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-3738
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/author
- agent/severity
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2
- version/openssl openssl/1.0.2-beta1
- version/openssl openssl/1.0.2-beta2
- version/openssl openssl/1.0.2-beta3
- version/openssl openssl/1.0.2a
- version/openssl openssl/1.0.2b
- version/openssl openssl/1.0.2c
- version/openssl openssl/1.0.2d
- version/openssl openssl/1.0.2e
- version/openssl openssl/1.0.2f
- version/openssl openssl/1.0.2g
- version/openssl openssl/1.0.2h
- version/openssl openssl/1.0.2i
- version/openssl openssl/1.0.2j
- version/openssl openssl/1.0.2k
- version/openssl openssl/1.0.2l
- version/openssl openssl/1.0.2m
- version/openssl openssl/1.1.0
- version/openssl openssl/1.1.0a
- version/openssl openssl/1.1.0b
- version/openssl openssl/1.1.0c
- version/openssl openssl/1.1.0d
- version/openssl openssl/1.1.0e
- version/openssl openssl/1.1.0f
- version/openssl openssl/1.1.0g
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/4.0.0
- version/nodejs node.js/4.1.2
- version/nodejs node.js/4.2.0
- version/nodejs node.js/6.0.0
- version/nodejs node.js/6.8.1
- version/nodejs node.js/6.9.0
- version/nodejs node.js/8.0.0
- version/nodejs node.js/8.8.1
- version/nodejs node.js/8.9.0
- version/nodejs node.js/9.0.0
- package-manager/debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify governance
- version/ibm security verify governance/10.0