OpenSSL is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a truncated packet causes an out-of-bounds (OOB) read on an SSL/TLS server/client on a 32-bit host using a specific cipher such as CHACHA20/POLY1305 or RC4-MD5 cipher.

References

rhn.redhat.com/errata/RHSA-2017-0286.html

www.debian.org/security/2017/dsa-3773

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.securityfocus.com/bid/95813

www.securitytracker.com/id/1037717

access.redhat.com/errata/RHSA-2018:2185

access.redhat.com/errata/RHSA-2018:2186

access.redhat.com/errata/RHSA-2018:2187

github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21

security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc

security.gentoo.org/glsa/201702-07

security.netapp.com/advisory/ntap-20171019-0002/

security.paloaltonetworks.com/CVE-2017-3731

source.android.com/security/bulletin/pixel/2017-11-01

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us

www.openssl.org/news/secadv/20170126.txt

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.tenable.com/security/tns-2017-04

checkpoint_advisories 1

ibm 49

cvelist 1

nvd 1

aix 1

openvas 30

osv 5

prion 1

alpinelinux 1

nessus 54

f5 1

paloalto 1

ubuntucve 1

debiancve 1

openssl 1

cve 1

oraclelinux 5

centos 1

amazon 1

redhat 4

altlinux 5

debian 2

myhack58 1

fedora 2

freebsd_advisory 1

slackware 1

symantec 1

mageia 2

huawei 1

archlinux 2

gentoo 1

nodejsblog 1

freebsd 1

fortinet 1

cisco 1

suse 5

ubuntu 1

cloudfoundry 1

veracode 1

packetstorm 1

androidsecurity 1

oracle 5

checkpoint_advisories

OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow (CVE-2017-3731)

2017-02-27 00:00:00

ibm

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by an OpenSSL vulnerability (CVE-2017-3731)

2019-11-18 13:57:34

Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Direct for UNIX (CVE-2017-3731)

2020-07-24 22:19:08

Security Bulletin: Vulnerability in OpenSSL affect IBM SONAS (CVE-2017-3731)

2018-06-18 00:32:51

cvelist

CVE-2017-3731 Truncated packet could crash via OOB read

2017-05-04 19:00:00

nvd

CVE-2017-3731

2017-05-04 19:29:00

aix

There is a vulnerability in OpenSSL used by AIX

2017-02-17 16:58:26

openvas

Oracle Mysql Security Updates (oct2017-3236626) 03 - Windows

2017-10-18 00:00:00

Palo Alto PAN-OS OpenSSL Vulnerability

2017-05-23 00:00:00

Oracle Mysql Security Updates (oct2017-3236626) 03 - Linux

2017-10-18 00:00:00

osv

CVE-2017-3731

2017-05-04 19:29:00

openssl - security update

2017-01-27 00:00:00

openssl - security update

2017-02-01 00:00:00

prion

Out-of-bounds

2017-05-04 19:29:00

alpinelinux

CVE-2017-3731

2017-05-04 19:29:00

nessus

AIX OpenSSL Advisory : openssl_advisory23.asc

2018-03-08 00:00:00

F5 Networks BIG-IP : OpenSSL vulnerability (K37526132)

2017-02-24 00:00:00

Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)

2017-02-21 00:00:00

K37526132 : OpenSSL vulnerability CVE-2017-3731

2017-02-23 00:00:00

paloalto

OpenSSL Vulnerability

2017-04-20 18:00:00

ubuntucve

CVE-2017-3731

2017-01-26 00:00:00

debiancve

CVE-2017-3731

2017-05-04 19:29:00

openssl

Vulnerability in OpenSSL - Truncated packet could crash via OOB read

2017-01-26 00:00:00

cve

CVE-2017-3731

2017-05-04 19:29:00

oraclelinux

openssl security update

2017-02-20 00:00:00

openssl security update

2017-02-20 00:00:00

openssl security update

2017-02-20 00:00:00

centos

openssl security update

2017-02-21 11:44:42

amazon

Medium: openssl

2017-03-06 14:00:00

redhat

(RHSA-2017:0286) Moderate: openssl security update

2017-02-20 09:06:19

(RHSA-2018:2187) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2018-07-12 16:04:13

(RHSA-2018:2186) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update

2018-07-12 16:04:10

altlinux

Security fix for the ALT Linux 9 package openssl10 version 1.0.2k-alt1

2017-01-26 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.2k-alt1

2017-01-26 00:00:00

Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2k-alt1

2017-01-26 00:00:00

debian

[SECURITY] [DLA 814-1] openssl security update

2017-02-01 23:12:31

[SECURITY] [DSA 3773-1] openssl security update

2017-01-27 19:48:57

myhack58

OpenSSL handshake renegotiation process in the presence of the vulnerability can lead to denial of service-vulnerability warning-the black bar safety net

2017-05-22 00:00:00

fedora

[SECURITY] Fedora 24 Update: openssl-1.0.2k-1.fc24

2017-02-09 20:52:22

[SECURITY] Fedora 25 Update: openssl-1.0.2k-1.fc25

2017-02-08 01:54:49

freebsd_advisory

FreeBSD-SA-17:02.openssl

2017-02-23 00:00:00

slackware

[slackware-security] openssl

2017-02-10 20:40:56

symantec

SA141 : OpenSSL Vulnerabilities 26-Jan-2017

2017-02-09 08:00:00

mageia

Updated openssl packages fix security vulnerability

2017-02-05 23:42:41

Updated virtualbox packages fix security vulnerabilities

2017-10-27 10:16:04

huawei

Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products

2017-05-03 00:00:00

archlinux

[ASA-201701-36] lib32-openssl: multiple issues

2017-01-27 00:00:00

[ASA-201701-37] openssl: multiple issues

2017-01-28 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2017-02-14 00:00:00

nodejsblog

OpenSSL update, 1.0.2k

2017-01-27 00:00:00

freebsd

OpenSSL -- multiple vulnerabilities

2017-01-26 00:00:00

fortinet

OpenSSL Security Advisory [26 Jan 2017]

2018-07-13 00:00:00

cisco

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017

2017-01-30 21:28:00

suse

Security update for openssl (important)

2018-01-16 18:08:42

Security update for mysql-community-server (important)

2017-10-27 18:28:48

Security update for openssl-steam (important)

2018-02-16 12:07:45

ubuntu

OpenSSL vulnerabilities

2017-01-31 00:00:00

cloudfoundry

USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry

2017-06-02 00:00:00

veracode

Vulnerability Through C Libraries

2017-11-01 05:30:33

packetstorm

Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle

2017-07-14 00:00:00

androidsecurity

Pixel&hairsp;/&hairsp;Nexus Security Bulletin—November 2017

2017-11-06 00:00:00

oracle

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Oracle Critical Patch Update Advisory - April 2019

2019-04-16 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.046

Percentile

92.5%

JSON

Related for VERACODE:3676