CVE-2017-3738 (GCVE-0-2017-3738)

Vulnerability from cvelistv5 – Published: 2017-12-07 16:00 – Updated: 2024-09-16 18:34
VLAI
Summary
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
Severity
No CVSS data available.
CWE
  • carry-propagating bug
Assigner
References
URL Tags
https://www.tenable.com/security/tns-2018-07 x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2185 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2186 vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisoryx_refsource_FREEBSD
https://security.gentoo.org/glsa/201712-03 vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1039978 vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2018/dsa-4157 vendor-advisoryx_refsource_DEBIAN
https://www.openssl.org/news/secadv/20171207.txt x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0998 vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
https://github.com/openssl/openssl/commit/e502cc8… x_refsource_MISC
https://www.tenable.com/security/tns-2018-06 x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4065 vendor-advisoryx_refsource_DEBIAN
https://nodejs.org/en/blog/vulnerability/december… x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
http://www.securityfocus.com/bid/102118 vdb-entryx_refsource_BID
https://www.tenable.com/security/tns-2017-16 x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txt x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2187 vendor-advisoryx_refsource_REDHAT
https://security.netapp.com/advisory/ntap-2017120… x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
Impacted products
Vendor Product Version
OpenSSL Software Foundation OpenSSL Affected: 1.0.2-1.02m
Affected: 1.1.0-1.1.0g
Create a notification for this product.
Date Public
2017-12-07 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-04"
          },
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "FreeBSD-SA-17:12",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "1039978",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039978"
          },
          {
            "name": "DSA-4157",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171207.txt"
          },
          {
            "name": "RHSA-2018:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-06"
          },
          {
            "name": "DSA-4065",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "102118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180327.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.2-1.02m"
            },
            {
              "status": "affected",
              "version": "1.1.0-1.1.0g"
            }
          ]
        }
      ],
      "datePublic": "2017-12-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-23T22:31:33.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-04"
        },
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "FreeBSD-SA-17:12",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "1039978",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039978"
        },
        {
          "name": "DSA-4157",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20171207.txt"
        },
        {
          "name": "RHSA-2018:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-06"
        },
        {
          "name": "DSA-4065",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "102118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180327.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-12-07T00:00:00",
          "ID": "CVE-2017-3738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.2-1.02m"
                          },
                          {
                            "version_value": "1.1.0-1.1.0g"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "carry-propagating bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/tns-2018-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-07"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-04"
            },
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "FreeBSD-SA-17:12",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc"
            },
            {
              "name": "GLSA-201712-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201712-03"
            },
            {
              "name": "1039978",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039978"
            },
            {
              "name": "DSA-4157",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4157"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20171207.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20171207.txt"
            },
            {
              "name": "RHSA-2018:0998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0998"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-06",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-06"
            },
            {
              "name": "DSA-4065",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4065"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "102118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102118"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-16"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180327.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180327.txt"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171208-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171208-0001/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3738",
    "datePublished": "2017-12-07T16:00:00.000Z",
    "dateReserved": "2016-12-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:34:25.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-3738",
      "date": "2026-05-31",
      "epss": "0.15507",
      "percentile": "0.94784"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"18797BEE-417D-4959-9AAD-C5A7C051B524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6455A421-9956-4846-AC7C-3431E0D37D23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60F946FD-F564-49DA-B043-5943308BA9EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C986592-4086-4A39-9767-EF34DBAA6A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D9EC1C-4843-4026-9B05-E060E9391734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036FB24F-7D86-4730-8BC9-722875BEC807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDF148A3-1AA7-4F27-85AB-414C609C626F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E15B749E-6808-4788-AE42-7A1587D8697E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F80C8D-BCA2-40AD-BD22-B70C7BE1B298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B78EDF-6BB7-42C4-9423-9332C62C6E43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2354F82-A01B-43D2-84F4-4E94B258E091\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73104834-5810-48DD-9B97-549D223853F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC70262-0DCD-4B46-9C96-FD18D0207511\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2E07A34-08A0-4765-AF81-46A3BDC5648A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B0A3D8-60C7-4F42-9DD6-C535F983D98B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD08E859-BB6D-4909-A873-C2609FA2821A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2BF7D67-EAF4-4D01-9185-0DB69F2C543B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"179144A7-D263-4BD8-A019-35DE39C777FC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.1.2\", \"matchCriteriaId\": \"A47FC4F7-1F77-4314-B4B3-3C5D8E335379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndExcluding\": \"4.8.7\", \"matchCriteriaId\": \"3818E441-8DC4-42E6-8D11-E58D195CBE8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.8.1\", \"matchCriteriaId\": \"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"6.9.0\", \"versionEndExcluding\": \"6.12.2\", \"matchCriteriaId\": \"BEA03114-7288-4E7C-9220-C0ABCD5F0389\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.8.1\", \"matchCriteriaId\": \"74FB695D-2C76-47AB-988E-5629D2E695E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"8.9.0\", \"versionEndExcluding\": \"8.9.3\", \"matchCriteriaId\": \"C45E9D50-CD3D-480B-B9B8-451ADFF26505\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.1\", \"matchCriteriaId\": \"82FDBB10-3298-4C9A-9CC0-D34643AEC868\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.\"}, {\"lang\": \"es\", \"value\": \"Existe un error de desbordamiento en el procedimiento de multiplicaci\\u00f3n AVX2 Montgomery empleado en la exponenciaci\\u00f3n con m\\u00f3dulos de 1024 bits. Los algoritmos EC no se han visto afectados. Los an\\u00e1lisis sugieren que los ataques contra RSA y DSA como resultado de este defecto ser\\u00edan muy dif\\u00edciles de realizar y se cree que son improbables. Los ataques contra DH102 se consideran solo posibles, ya que la mayor parte del trabajo necesario para deducir informaci\\u00f3n sobre una clave privada puede realizarse sin conexi\\u00f3n. La cantidad de recursos necesarios para realizar tal ataque ser\\u00eda significativa. Sin embargo, para que un ataque sobre TLS sea significativo, el servidor tendr\\u00eda que compartir la clave privada DH1024 entre m\\u00faltiples clientes, lo que ya no es una opci\\u00f3n desde CVE-2016-0701. Esto solo afecta a procesadores compatibles con la extensi\\u00f3n AVX2, pero no la ADX, como Intel Haswell (cuarta generaci\\u00f3n). Nota: El impacto de este problema es similar a CVE-2017-3736, CVE-2017-3732 y CVE-2015-3193. Se han visto afectadas las versiones 1.0.2-1.0.2m y 1.1.0-1.1.0g de OpenSSL. Se ha solucionado en OpenSSL 1.0.2n. Debido a la baja gravedad de este problema, no se va a lanzar una nueva versi\\u00f3n de OpenSSL 1.1.0 en este momento. La correcci\\u00f3n se aplicar\\u00e1 en OpenSSL 1.1.0h cuando est\\u00e9 disponible. La correcci\\u00f3n tambi\\u00e9n estar\\u00e1 disponible en el commit con ID e502cc86d en el repositorio Git de OpenSSL.\"}]",
      "id": "CVE-2017-3738",
      "lastModified": "2024-11-21T03:26:02.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-07T16:29:00.240",
      "references": "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102118\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039978\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0998\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2185\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2186\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2187\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201712-03\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171208-0001/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4065\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20171207.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2017-16\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039978\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2185\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201712-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20171208-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20171207.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2017-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "openssl-security@openssl.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3738\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2017-12-07T16:29:00.240\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.\"},{\"lang\":\"es\",\"value\":\"Existe un error de desbordamiento en el procedimiento de multiplicaci\u00f3n AVX2 Montgomery empleado en la exponenciaci\u00f3n con m\u00f3dulos de 1024 bits. Los algoritmos EC no se han visto afectados. Los an\u00e1lisis sugieren que los ataques contra RSA y DSA como resultado de este defecto ser\u00edan muy dif\u00edciles de realizar y se cree que son improbables. Los ataques contra DH102 se consideran solo posibles, ya que la mayor parte del trabajo necesario para deducir informaci\u00f3n sobre una clave privada puede realizarse sin conexi\u00f3n. La cantidad de recursos necesarios para realizar tal ataque ser\u00eda significativa. Sin embargo, para que un ataque sobre TLS sea significativo, el servidor tendr\u00eda que compartir la clave privada DH1024 entre m\u00faltiples clientes, lo que ya no es una opci\u00f3n desde CVE-2016-0701. Esto solo afecta a procesadores compatibles con la extensi\u00f3n AVX2, pero no la ADX, como Intel Haswell (cuarta generaci\u00f3n). Nota: El impacto de este problema es similar a CVE-2017-3736, CVE-2017-3732 y CVE-2015-3193. Se han visto afectadas las versiones 1.0.2-1.0.2m y 1.1.0-1.1.0g de OpenSSL. Se ha solucionado en OpenSSL 1.0.2n. Debido a la baja gravedad de este problema, no se va a lanzar una nueva versi\u00f3n de OpenSSL 1.1.0 en este momento. La correcci\u00f3n se aplicar\u00e1 en OpenSSL 1.1.0h cuando est\u00e9 disponible. La correcci\u00f3n tambi\u00e9n estar\u00e1 disponible en el commit con ID e502cc86d en el repositorio Git de OpenSSL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"18797BEE-417D-4959-9AAD-C5A7C051B524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6455A421-9956-4846-AC7C-3431E0D37D23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60F946FD-F564-49DA-B043-5943308BA9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C986592-4086-4A39-9767-EF34DBAA6A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D9EC1C-4843-4026-9B05-E060E9391734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036FB24F-7D86-4730-8BC9-722875BEC807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDF148A3-1AA7-4F27-85AB-414C609C626F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E15B749E-6808-4788-AE42-7A1587D8697E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F80C8D-BCA2-40AD-BD22-B70C7BE1B298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B78EDF-6BB7-42C4-9423-9332C62C6E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2354F82-A01B-43D2-84F4-4E94B258E091\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73104834-5810-48DD-9B97-549D223853F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC70262-0DCD-4B46-9C96-FD18D0207511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E07A34-08A0-4765-AF81-46A3BDC5648A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B0A3D8-60C7-4F42-9DD6-C535F983D98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD08E859-BB6D-4909-A873-C2609FA2821A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BF7D67-EAF4-4D01-9185-0DB69F2C543B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.0g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"179144A7-D263-4BD8-A019-35DE39C777FC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"A47FC4F7-1F77-4314-B4B3-3C5D8E335379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.8.7\",\"matchCriteriaId\":\"3818E441-8DC4-42E6-8D11-E58D195CBE8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.8.1\",\"matchCriteriaId\":\"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"6.9.0\",\"versionEndExcluding\":\"6.12.2\",\"matchCriteriaId\":\"BEA03114-7288-4E7C-9220-C0ABCD5F0389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.9.3\",\"matchCriteriaId\":\"C45E9D50-CD3D-480B-B9B8-451ADFF26505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.1\",\"matchCriteriaId\":\"82FDBB10-3298-4C9A-9CC0-D34643AEC868\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102118\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039978\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0998\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2185\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2186\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2187\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201712-03\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171208-0001/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4065\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20171207.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-16\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201712-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171208-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03881en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20171207.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.