CVE-2017-13099
PUBLISHED
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
EPSS 76.91% · 99.0th percentile
Risk Scores
EPSS Score
76.91%
99.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wolfssl | 0, 3.4.8+dfsg-1 |
Exploit Intelligence
- POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) (github-poc)
- D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project) (github-poc)
…and 4 more exploits
Timeline
- Dec 12, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 20, 2025 CVE Updated
References
- https://ubuntu.com/security/CVE-2017-13099 third-party-advisory
- https://github.com/wolfSSL/wolfssl/pull/1229 third-party-advisory
- https://robotattack.org/ third-party-advisory
- http://www.kb.cert.org/vuls/id/144389 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-13099 third-party-advisory
- Vulnerability in TLS implementations advisory