vulnerability context

CVE-2017-3736

CVSS 6.5 MEDIUMEPSS 92%CWE-200

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited numbe...

Published 2017-11-02 · last modified 2026-05-13

details

CISA KEV status: Not in catalog
CVSS v3: 6.5 / MEDIUM
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 92% percentile (score 0.0829)
CWE: CWE-200

View on NVD → · cve.org

source mentions 1

CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 befo...MSRC Update Guide · 9d ago

source consensus

MSRC Update Guide1×

Want the 3-bullet summary of CVE-2017-3736, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →