Lucene search

K

Veracode Vulnerability DatabaseVERACODE:6170

HistoryApr 23, 2018 - 7:59 a.m.

Denial Of Service (DoS) Through Error State

2018-04-2307:59:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

18

EPSS

0.946

Percentile

99.2%

OpenSSL is vulnerable to denial of service (DoS) attack. The vulnerability is possible when SSL_read() or SSL_write() is called directly after handshake functions (such as SSL_do_handshake(), SSL_accept() and SSL_connect()), leading to an “error state” that can crash the application.

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.securityfocus.com/bid/102103

www.securitytracker.com/id/1039978

access.redhat.com/errata/RHSA-2018:0998

access.redhat.com/errata/RHSA-2018:2185

access.redhat.com/errata/RHSA-2018:2186

access.redhat.com/errata/RHSA-2018:2187

bugzilla.redhat.com/show_bug.cgi?id=1523504

cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf

github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc

security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc

security.gentoo.org/glsa/201712-03

security.netapp.com/advisory/ntap-20171208-0001/

security.netapp.com/advisory/ntap-20180117-0002/

security.netapp.com/advisory/ntap-20180419-0002/

www.debian.org/security/2017/dsa-4065

www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/

www.openssl.org/news/secadv/20171207.txt

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.tenable.com/security/tns-2017-16

EPSS

0.946

Percentile

99.2%