AVG-550

Package openssl-1.0
Status Fixed
Severity Medium
Type multiple issues
Affected 1.0.2.l-2
Fixed 1.0.2.n-1
Current 1.0.2.s-1 [core]
Ticket None
Created Sun Dec 17 17:56:03 2017
Issue Severity Remote Type Description
CVE-2017-3738 Medium Yes Private key recovery
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected....
CVE-2017-3737 Medium Yes Information disclosure
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then...