History: May 04, 2017 - 7:29 p.m.

CVE-2017-3731

2017-05-04 19:29:00
CWE-125
web.nvd.nist.gov
ssl/tls
32-bit
host
crash
truncated packet
openssl 1.1.0d
openssl 1.0.2k

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.6 High
Confidence: High

EPSS: 0.046 Low
Percentile: 92.6%

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Affected configurations

NVD
Node
openssl | openssl | Match | 1.1.0a
OR
openssl | openssl | Match | 1.1.0b
OR
openssl | openssl | Match | 1.1.0c
Node
openssl | openssl | Match | 1.0.2
OR
openssl | openssl | Match | 1.0.2 | beta1
OR
openssl | openssl | Match | 1.0.2 | beta2
OR
openssl | openssl | Match | 1.0.2 | beta3
OR
openssl | openssl | Match | 1.0.2a
OR
openssl | openssl | Match | 1.0.2b
OR
openssl | openssl | Match | 1.0.2c
OR
openssl | openssl | Match | 1.0.2d
OR
openssl | openssl | Match | 1.0.2e
OR
openssl | openssl | Match | 1.0.2f
OR
openssl | openssl | Match | 1.0.2h
OR
openssl | openssl | Match | 1.0.2i
OR
openssl | openssl | Match | 1.0.2j
Node
nodejs | node.js | Range | 4.0.0 | 4.1.2 | -
OR
nodejs | node.js | Range | 4.2.0 | 4.7.3 | lts
OR
nodejs | node.js | Range | 5.0.0 | 5.12.0 | -
OR
nodejs | node.js | Range | 6.0.0 | 6.8.1 | -
OR
nodejs | node.js | Range | 6.9.0 | 6.9.5 | lts
OR
nodejs | node.js | Range | 7.0.0 | 7.5.0 | -

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "openssl-1.1.0"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0a"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0b"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0c"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2a"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2b"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2c"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2d"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2e"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2f"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2g"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2h"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2i"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2j"
      }
    ]
  }
]
