[OpenSSL-1.0.2] TNF local patch - CVE-2017-3738 rsaz_1024_mul_avx2 overflow bug on x86_64
Issue #146
resolved
TNF local patch audit
- crypto/bn/asm/rsaz-avx2.pl
original commit message:
http://mail-index.netbsd.org/source-changes/2018/04/18/msg094491.html
Comments (1)
-
reporter - Log in to comment
BUGFIX: Issue
- CVE-2017-3738 rsaz_1024_mul_avx2 overflow bug on x86_64#146cherry-picked from OpenSSL-1_0_2-stable branch: https://github.com/openssl/openssl/commit/ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
original commit message:
bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
Credit to OSS-Fuzz for finding this.
CVE-2017-3738
Reviewed-by: Rich Salz rsalz@openssl.org
→ <<cset f8d6d54119c2994cf60dca6011ce98b56abc1031>>