Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2017-3731

UNKNOWN

Published 2017-05-04T19:00:00Z

Actions:

No CVSS data available

Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

Affected Versions:

openssl-1.1.0 openssl-1.1.0a openssl-1.1.0b openssl-1.1.0c openssl-1.0.2 openssl-1.0.2a openssl-1.0.2b openssl-1.0.2c openssl-1.0.2d openssl-1.0.2e openssl-1.0.2f openssl-1.0.2g openssl-1.0.2h openssl-1.0.2i openssl-1.0.2j

References

https://access.redhat.com/errata/RHSA-2018:2185

https://access.redhat.com/errata/RHSA-2018:2186

https://security.netapp.com/advisory/ntap-20171019-0002/

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.securityfocus.com/bid/95813

http://rhn.redhat.com/errata/RHSA-2017-0286.html

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc

https://www.openssl.org/news/secadv/20170126.txt

http://www.securitytracker.com/id/1037717

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://www.tenable.com/security/tns-2017-04

https://source.android.com/security/bulletin/pixel/2017-11-01

https://security.gentoo.org/glsa/201702-07

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.debian.org/security/2017/dsa-3773

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us

https://access.redhat.com/errata/RHSA-2018:2187

https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://security.paloaltonetworks.com/CVE-2017-3731

Published: 2017-05-04T19:00:00Z

Last Modified: 2024-09-16T22:40:54.865Z

Copied to clipboard!