CVE-2017-1000385
PUBLISHED
The Erlang OTP TLS server responds with different TLS alerts for different error types in the RSA PKCS #1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (a variation of the Bleichenbacher attack).
Risk Scores
EPSS Score: 83.32% (99.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | erlang | *, 0, 1:18.0-dfsg-1ubuntu2 |
| Ubuntu:14.04:LTS | erlang | 1:16.b.1-dfsg-4ubuntu1, 1:16.b.2-dfsg-1ubuntu1, 1:16.b.3-dfsg-1ubuntu1 |
Exploit Intelligence
- POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
- D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
…and 4 more exploits
Timeline
- Dec 8, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-1000385 third-party-advisory
- https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM third-party-advisory
- https://ubuntu.com/security/notices/USN-3571-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-1000385 third-party-advisory
- Vulnerability in TLS implementations advisory