CVE-2017-13099 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-13099 PUBLISHED

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

EPSS 78.46% · 99.0th percentile

Risk Scores

EPSS Score

78.46%

99.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	wolfssl	0, 3.4.8+dfsg-1

Timeline

Dec 12, 2017 CVE Published
Apr 6, 2018 CVE Updated
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 19, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 4, 2025 EPSS Score
Apr 5, 2025 EPSS Score
Apr 15, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2017-13099 third-party-advisory
https://github.com/wolfSSL/wolfssl/pull/1229 third-party-advisory
https://robotattack.org/ third-party-advisory
http://www.kb.cert.org/vuls/id/144389 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-13099 third-party-advisory
Vulnérabilité dans des implémentations de TLS advisory

Open in Interactive Console →