tnozaki / NetBSD / issues / #146 - [OpenSSL-1.0.2] TNF local patch - CVE-2017-3738 rsaz_1024_mul_avx2 overflow bug on x86_64 — Bitbucket

Issue #146 resolved

Takehiko NOZAKI repo owner created an issue 2019-07-09

TNF local patch audit

crypto/bn/asm/rsaz-avx2.pl

original commit message:

http://mail-index.netbsd.org/source-changes/2018/04/18/msg094491.html

patch-06

Comments (1)

Takehiko NOZAKI reporter
BUGFIX: Issue ~~#146~~ - CVE-2017-3738 rsaz_1024_mul_avx2 overflow bug on x86_64

cherry-picked from OpenSSL-1_0_2-stable branch: https://github.com/openssl/openssl/commit/ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76

original commit message:

bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.

Credit to OSS-Fuzz for finding this.

CVE-2017-3738

Reviewed-by: Rich Salz rsalz@openssl.org

→ <<cset f8d6d54119c2994cf60dca6011ce98b56abc1031>>
- 2019-07-23T14:42:19+00:00
Log in to comment

Assignee: Takehiko NOZAKI

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1