Lucene search
OpenSSLOPENSSL:CVE-2017-3731HistoryJan 26, 2017 - 12:00 a.m.
Vulnerability in OpenSSL CVE-2017-3731
2017-01-2600:00:00
www.openssl.org
32
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.046 Low
EPSS
Percentile
92.6%
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Related
openvas
openvas
Palo Alto PAN-OS OpenSSL Vulnerability
2017-05-23 00:00:00
Oracle Mysql Security Updates (oct2017-3236626) 03 - Windows
2017-10-18 00:00:00
Oracle Mysql Security Updates (oct2017-3236626) 03 - Linux
2017-10-18 00:00:00
ubuntucve
ubuntucve
CVE-2017-3731
2017-01-26 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow (CVE-2017-3731)
2017-02-27 00:00:00
nvd
nvd
CVE-2017-3731
2017-05-04 19:29:00
ibm
ibm
Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Direct for UNIX (CVE-2017-3731)
2020-07-24 22:19:08
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by an OpenSSL vulnerability (CVE-2017-3731)
2019-11-18 13:57:34
Security Bulletin: Vulnerability in OpenSSL affect IBM SONAS (CVE-2017-3731)
2018-06-18 00:32:51
cvelist
cvelist
CVE-2017-3731 Truncated packet could crash via OOB read
2017-01-26 00:00:00
nessus
nessus
AIX OpenSSL Advisory : openssl_advisory23.asc
2018-03-08 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K37526132)
2017-02-24 00:00:00
CentOS 6 / 7 : openssl (CESA-2017:0286)
2017-02-22 00:00:00
prion
prion
Out-of-bounds
2017-05-04 19:29:00
aix
aix
There is a vulnerability in OpenSSL used by AIX
2017-02-17 16:58:26
osv
osv
CVE-2017-3731
2017-05-04 19:29:00
openssl - security update
2017-01-27 00:00:00
openssl - security update
2017-02-01 00:00:00
alpinelinux
alpinelinux
CVE-2017-3731
2017-05-04 19:29:00
paloalto
paloalto
OpenSSL Vulnerability
2017-04-20 18:00:00
f5
f5
K37526132 : OpenSSL vulnerability CVE-2017-3731
2017-02-23 00:00:00
cve
cve
CVE-2017-3731
2017-05-04 19:29:00
veracode
veracode
Denial Of Service (DoS) Through Out Of Bounds Read
2017-03-17 08:05:26
Vulnerability Through C Libraries
2017-11-01 05:30:33
debiancve
debiancve
CVE-2017-3731
2017-05-04 19:29:00
centos
centos
openssl security update
2017-02-21 11:44:42
oraclelinux
oraclelinux
openssl security update
2017-02-20 00:00:00
openssl security update
2017-02-20 00:00:00
openssl security update
2017-02-20 00:00:00
amazon
amazon
Medium: openssl
2017-03-06 14:00:00
redhat
redhat
(RHSA-2017:0286) Moderate: openssl security update
2017-02-20 09:06:19
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2k-alt1
2017-01-26 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2k-alt1
2017-01-26 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:02.openssl
2017-02-23 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: openssl-1.0.2k-1.fc25
2017-02-08 01:54:49
[SECURITY] Fedora 24 Update: openssl-1.0.2k-1.fc24
2017-02-09 20:52:22
slackware
slackware
[slackware-security] openssl
2017-02-10 20:40:56
debian
debian
[SECURITY] [DSA 3773-1] openssl security update
2017-01-27 19:48:57
[SECURITY] [DLA 814-1] openssl security update
2017-02-01 23:12:31
myhack58
myhack58
mageia
mageia
Updated openssl packages fix security vulnerability
2017-02-05 23:42:41
Updated virtualbox packages fix security vulnerabilities
2017-10-27 10:16:04
symantec
symantec
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
2017-02-09 08:00:00
huawei
huawei
Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products
2017-05-03 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2017-01-26 00:00:00
archlinux
archlinux
[ASA-201701-36] lib32-openssl: multiple issues
2017-01-27 00:00:00
[ASA-201701-37] openssl: multiple issues
2017-01-28 00:00:00
nodejsblog
nodejsblog
OpenSSL update, 1.0.2k
2017-01-27 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2017-02-14 00:00:00
fortinet
fortinet
OpenSSL Security Advisory [26 Jan 2017]
2018-07-13 00:00:00
cisco
cisco
suse
suse
Security update for openssl (important)
2018-01-16 18:08:42
Security update for mysql-community-server (important)
2017-10-27 18:28:48
Security update for openssl-steam (important)
2018-02-16 12:07:45
ubuntu
ubuntu
OpenSSL vulnerabilities
2017-01-31 00:00:00
cloudfoundry
cloudfoundry
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
packetstorm
packetstorm
Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
2017-07-14 00:00:00
androidsecurity
androidsecurity
Pixel / Nexus Security Bulletin—November 2017
2017-11-06 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.046 Low
EPSS
Percentile
92.6%
Related for OPENSSL:CVE-2017-3731