CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2019/10/08 10:39 p.m.•59 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

7.5CVSS2.4AI score0.27588EPSS

Exploits1References2

RedHat Linux•added 2018/07/12 4:4 p.m.•0 views

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

5.9CVSS6.8AI score0.15507EPSS

Exploits1References5

Tenable Nessus•added 2018/07/03 12:0 a.m.•258 views

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1179)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms...

6.5CVSS6.9AI score0.42931EPSS

Exploits2References4

Veracode•added 2018/04/02 4:57 a.m.•44 views

Overflow In Multiplication Procedure

OpenSSL is vulnerable to an overflow error in AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This bug can be used to compromise private key information for certain situations and DH1024. It does affect processors supporting AVX2 but not ADX extensions e.g.,...

5.9CVSS6.4AI score0.15507EPSS

Exploits1References27Affected Software14

FreeBSD•added 2018/03/27 12:0 a.m.•36 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...

6.5CVSS7.2AI score0.15507EPSS

Exploits1References1

Tenable Nessus•added 2017/12/15 12:0 a.m.•111 views

OpenSSL 1.1.0 < 1.1.0h Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0h. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0h advisory. - Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given maliciou...

6.5CVSS6.7AI score0.15507EPSS

Exploits1References11

Broadcom•added 2017/12/09 12:0 a.m.•5 views

BSA-2018-528

Security Advisory ID : BSA-2018-528 Component : OpenSSL Revision : 1.0: Final There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this...

5.9CVSS8.7AI score0.27483EPSS

Exploits1

Prion•added 2017/12/07 4:29 p.m.•48 views

Buffer overflow

4.3CVSS5.9AI score0.27588EPSS

Exploits1References27Affected Software3

NVD•added 2017/12/07 4:29 p.m.•32 views

CVE-2017-3738

5.9CVSS6.1AI score0.15507EPSS

Exploits1References27

OSV•added 2017/12/07 4:29 p.m.•29 views

CVE-2017-3738

5.9CVSS8.6AI score

Exploits0References27

OSV•added 2017/12/07 4:29 p.m.•1 views

ALPINE-CVE-2017-3738

5.9CVSS8.7AI score0.15507EPSS

Exploits1References1

Cvelist•added 2017/12/07 4:0 p.m.•31 views

CVE-2017-3738

6.4AI score0.15507EPSS

Exploits1References27

CVE•added 2017/12/07 4:0 p.m.•382 views

CVE-2017-3738

CVE-2017-3738 is an overflow bug in the AVX2 Montgomery multiplication used for 1024-bit moduli in OpenSSL. The issue affects x86_64 builds with AVX2 (not ADX) and can, in very unlikely cases, enable private-key recovery on affected architectures. OpenSSL 1.0.2n fixes the flaw; OpenSSL 1.1.0 is n...

5.9CVSS6.4AI score0.15507EPSS

Exploits1References27Affected Software1