BSA-2017-259

2017-05-02T00:00:00

Description

#### Summary If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. **Affected Products** Product | Current Assessment ---|--- Brocade ServerIron ADX | Impacted: Fixed in 12.5.02n. Brocade Virtual ADX | Impacted: Fixed in 4.0.00f. **Products Confirmed Not Vulnerable** Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade Services Director, Brocade SLX-OS, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability. ******Workaround****** There are no workarounds that address this vulnerability. #### ****Revision History**** Version | Change | Date ---|---|--- 1.0 | Initial Publication | May 2, 2017

Affected Software

CPE Name	Name	Version
	brocade serveriron adx	12.5.02n
	brocade virtual adx	4.0.00f

{"id": "BSA-2017-259", "type": "broadcom", "bulletinFamily": "software", "title": "BSA-2017-259", "description": "#### Summary\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.\n\n**Affected Products**\n\nProduct | Current Assessment \n---|--- \nBrocade ServerIron ADX | Impacted: Fixed in 12.5.02n. \nBrocade Virtual ADX | Impacted: Fixed in 4.0.00f. \n \n**Products Confirmed Not Vulnerable**\n\nBrocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade Services Director, Brocade SLX-OS, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.\n\n******Workaround******\n\nThere are no workarounds that address this vulnerability.\n\n#### ****Revision History****\n\nVersion | Change | Date \n---|---|--- \n1.0 | Initial Publication | May 2, 2017\n", "published": "2017-05-02T00:00:00", "modified": "2017-05-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Broadcom Security Response", "references": [], "cvelist": [], "lastseen": "2020-12-24T11:41:02", "viewCount": 2, "enchantments": {"dependencies": {}, "score": {"value": 1.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.4}, "affectedSoftware": [{"version": "12.5.02n", "operator": "lt", "name": "brocade serveriron adx"}, {"version": "4.0.00f", "operator": "lt", "name": "brocade virtual adx"}], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645795432, "score": 1659840693, "affected_software_major_version": 1677294086, "epss": 1679050336}, "_internal": {"score_hash": "dbbc2d09a1e209739193e327437d4838"}}