Vulnerability title
N/A
Vulnerability description
There is a carry-propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c. The procedure handles input lengths that are divisible by, but longer than, 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible, because the subroutine in question is not used in operations that involve both the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest as transient authentication and key negotiation failures, or as a reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only the Brainpool P-512 curve is affected, and one presumably could attack ECDH key negotiation. The impact was not analyzed in detail because the prerequisites for an attack are considered unlikely: multiple clients would have to choose the curve in question and the server would have to share the same private key among them, neither of which is default behaviour. Even then, only the clients that chose the curve would be affected.
CVSS information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
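Added example, not part of this advisory and not OpenSSL's code: a limb-level Montgomery multiplication in Python with an optional, constructed "lost top carry" defect. It shows why a carry-propagation bug of the kind described above produces a reproducible wrong result only for particular inputs (those whose intermediate value overflows the top limb) while ordinary inputs pass, and how comparing the fast path against a big-integer reference on crafted inputs detects it. The 512-bit modulus is a constructed odd number of the same length as Brainpool P-512 (a length divisible by, but longer than, 256 bits), not the curve's prime, and the injected defect illustrates the bug class only; it is not the actual defect in OpenSSL's assembly routine.

```python
# Added example, not code from this advisory or from OpenSSL.
# Limb-level Montgomery multiplication (CIOS) with an optional constructed
# "lost top carry" defect; the defect illustrates the bug class, not the
# actual OpenSSL routine.

WORD_BITS = 64
MASK = (1 << WORD_BITS) - 1

# Constructed 512-bit odd modulus: same length as Brainpool P-512, but not
# the curve's prime.
MOD_512 = (1 << 512) - 569


def to_limbs(x, count):
    """Split x into `count` little-endian 64-bit limbs."""
    return [(x >> (WORD_BITS * i)) & MASK for i in range(count)]


def from_limbs(limbs):
    """Reassemble little-endian 64-bit limbs into an integer."""
    return sum(limb << (WORD_BITS * i) for i, limb in enumerate(limbs))


def neg_inv_word(n0):
    """-n0^(-1) mod 2^64 for odd n0, by Newton iteration (6 rounds = 64 bits)."""
    inv = 1
    for _ in range(6):
        inv = (inv * (2 - n0 * inv)) & MASK
    return (-inv) & MASK


def mont_mul(a, b, n, drop_top_carry=False):
    """Return a*b*R^(-1) mod n, with R = 2^(64*L) and L = limb count of n.

    Coarsely Integrated Operand Scanning: each round multiplies by one limb
    of b, then adds m*n so the lowest limb vanishes and shifts by one word.
    With drop_top_carry=True the carry into the limb above the modulus is
    ignored before the final conditional subtraction (constructed defect).
    """
    L = (n.bit_length() + WORD_BITS - 1) // WORD_BITS
    A, B, N = to_limbs(a, L), to_limbs(b, L), to_limbs(n, L)
    n0inv = neg_inv_word(N[0])
    T = [0] * (L + 2)          # accumulator: L limbs plus two carry limbs
    for i in range(L):
        carry = 0
        for j in range(L):     # T += A * B[i]
            cs = T[j] + A[j] * B[i] + carry
            T[j], carry = cs & MASK, cs >> WORD_BITS
        cs = T[L] + carry
        T[L], T[L + 1] = cs & MASK, cs >> WORD_BITS
        m = (T[0] * n0inv) & MASK
        carry = (T[0] + m * N[0]) >> WORD_BITS   # low limb becomes zero
        for j in range(1, L):  # T = (T + m * N) >> 64
            cs = T[j] + m * N[j] + carry
            T[j - 1], carry = cs & MASK, cs >> WORD_BITS
        cs = T[L] + carry
        T[L - 1], carry = cs & MASK, cs >> WORD_BITS
        T[L], T[L + 1] = T[L + 1] + carry, 0
    top = 0 if drop_top_carry else T[L]
    t = from_limbs(T[:L]) + (top << (WORD_BITS * L))   # t < 2n
    return t - n if t >= n else t


def mont_ref(a, b, n):
    """Reference a*b*R^(-1) mod n using Python big integers (Python >= 3.8)."""
    L = (n.bit_length() + WORD_BITS - 1) // WORD_BITS
    return a * b * pow(1 << (WORD_BITS * L), -1, n) % n


def self_test(n, pairs, drop_top_carry=False):
    """Return the (a, b) pairs on which the limb routine disagrees with the reference."""
    return [(a, b) for a, b in pairs
            if mont_mul(a, b, n, drop_top_carry) != mont_ref(a, b, n)]


def find_carry_trigger(n, limit=256):
    """First a in n-1, n-2, ... whose square makes the defective routine return
    a wrong result, i.e. an input that sets the top carry; None if none of the
    first `limit` candidates does."""
    for k in range(1, limit + 1):
        a = n - k
        if mont_mul(a, a, n, drop_top_carry=True) != mont_ref(a, a, n):
            return a
    return None


if __name__ == "__main__":
    small = [(3, 5), (12345, 67890)]
    print("correct routine, small inputs, mismatches:", self_test(MOD_512, small))
    print("defective routine, small inputs, mismatches:", self_test(MOD_512, small, True))
    a = find_carry_trigger(MOD_512)
    print("crafted input that exposes the lost carry found:", a is not None)
```

Small operands never set the limb above the modulus, so the defective routine agrees with the reference on them and would pass a naive test; operands close to the modulus do set it, and on those the defective routine returns a value that is off by a fixed amount (R minus n), which is exactly a "reproducible erroneous outcome with specially crafted input". A regression check for this bug class therefore needs inputs near the modulus for every supported operand length, not just random small values.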
CVSS information
N/A
Vulnerability category
N/A
Vulnerability title
OpenSSL security vulnerability
Vulnerability description
OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols; it supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms and secure hash algorithms. A security vulnerability exists in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and in 1.1.0 before 1.1.0c. An attacker could exploit this vulnerability to cause a denial of service.
CVSS information
N/A
Vulnerability category
Cryptographic issues