Jan 26, 2017 - 12:00 a.m.

CVE-2017-3731 Truncated packet could crash via OOB read

2017-01-26 00:00:00
openssl
www.cve.org
AI Score: 7.7 High (Confidence: High)

EPSS: 0.046 Low (Percentile: 92.6%)

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "openssl-1.1.0"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0a"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0b"
      },
      {
        "status": "affected",
        "version": "openssl-1.1.0c"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2a"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2b"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2c"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2d"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2e"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2f"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2g"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2h"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2i"
      },
      {
        "status": "affected",
        "version": "openssl-1.0.2j"
      }
    ]
  }
]

References