Medium severity5.9NVD Advisory· Published May 4, 2017· Updated May 13, 2026

CVE-2017-3732

Description

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

Affected products

Node.js/Node.js2 versions
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*+ 1 more
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*range: >=4.0.0,<=4.1.2
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*range: >=4.2.0,<4.7.3
OpenSSL Project/OpenSSL16 versions
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
- (no CPE)range: openssl-1.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvdPatchThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdPatchThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdPatchThird Party Advisory
github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5bnvdPatch
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party Advisory
www.securityfocus.com/bid/95814nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037717nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2018:2185nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2186nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2187nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2568nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2575nvdThird Party Advisory
access.redhat.com/errata/RHSA-2018:2713nvdThird Party Advisory
security.freebsd.org/advisories/FreeBSD-SA-17:02.openssl.ascnvdThird Party Advisory
security.gentoo.org/glsa/201702-07nvdThird Party Advisory
support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
www.openssl.org/news/secadv/20170126.txtnvdVendor Advisory
www.tenable.com/security/tns-2017-04nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000