PT-2017-4101 · Openssl+6
Published: 2017-12-06
Updated: 2024-06-15
CVE-2017-3738
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions prior to the fixed version
Description
The vulnerability in the AVX2 Montgomery multiplication procedure of the OpenSSL library stems from insufficient protection of internal data. Exploitation may allow a remote attacker to gain unauthorized access to protected information by recovering a private DH1024 key. The root cause is an overflow in the AVX2 Montgomery multiplication routine when performing modular exponentiation with a 1024-bit modulus. Attacks against RSA and DSA are considered difficult to carry out and unlikely. Attacks against Diffie-Hellman (DH1024), however, are considered difficult but feasible, because most of the work needed to extract information about the private key can be done offline, without connecting to the target system. Significant resources are required for such an attack. To attack a TLS server, the same DH1024 private key must be shared across a large number of client connections. Only processors that support the AVX2 extensions but not ADX are affected, such as Intel 4th-generation (Haswell) CPUs.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
Information Disclosure
Related identifiers
Affected products
Alt Linux
CentOS
FreeBSD
OpenSSL
Red Hat
SUSE
Ubuntu