Problem Description:
If an X.509 certificate has a malformed IPAddressFamily
extension, OpenSSL could do a one-byte buffer overread.
[CVE-2017-3735]
There is a carry propagating bug in the x86_64 Montgomery
squaring procedure. This only affects processors that support
the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th
generation) and later or AMD Ryzen. [CVE-2017-3736] This
bug only affects FreeBSD 11.x.
Impact:
Application using OpenSSL may display erroneous certificate
in text format. [CVE-2017-3735]
Mishandling of carry propagation will produce incorrect
output, and make it easier for a remote attacker to obtain
sensitive private-key information. No EC algorithms are
affected, analysis suggests that attacks against RSA and
DSA as a result of this defect would be very difficult to
perform and are not believed likely.
Attacks against DH are considered just feasible (although
very difficult) because most of the work necessary to deduce
information about a private key may be performed offline.
The amount of resources required for such an attack would
be very significant and likely only accessible to a limited
number of attackers. An attacker would additionally need
online access to an unpatched system using the target private
key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. [CVE-2017-3736]