CVE-2017-3731

NVD:CVE-2017-3731
May 04, 2017 - 7:29 p.m.
2017-05-04 19:29:00
CWE-125
web.nvd.nist.gov

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.046

Percentile

92.5%

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Affected configurations

Nvd
Node
openssl openssl Match 1.1.0a
OR
openssl openssl Match 1.1.0b
OR
openssl openssl Match 1.1.0c
Node
openssl openssl Match 1.0.2
OR
openssl openssl Match 1.0.2 beta1
OR
openssl openssl Match 1.0.2 beta2
OR
openssl openssl Match 1.0.2 beta3
OR
openssl openssl Match 1.0.2a
OR
openssl openssl Match 1.0.2b
OR
openssl openssl Match 1.0.2c
OR
openssl openssl Match 1.0.2d
OR
openssl openssl Match 1.0.2e
OR
openssl openssl Match 1.0.2f
OR
openssl openssl Match 1.0.2h
OR
openssl openssl Match 1.0.2i
OR
openssl openssl Match 1.0.2j
Node
nodejs node.js Range 4.0.0–4.1.2 -
OR
nodejs node.js Range 4.2.0–4.7.3 lts
OR
nodejs node.js Range 5.0.0–5.12.0 -
OR
nodejs node.js Range 6.0.0–6.8.1 -
OR
nodejs node.js Range 6.9.0–6.9.5 lts
OR
nodejs node.js Range 7.0.0–7.5.0 -
Vendor   Product  Version  CPE
openssl  openssl  1.1.0a   cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
openssl  openssl  1.1.0b   cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
openssl  openssl  1.1.0c   cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
openssl  openssl  1.0.2    cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
openssl  openssl  1.0.2    cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
openssl  openssl  1.0.2    cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
openssl  openssl  1.0.2    cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
openssl  openssl  1.0.2a   cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
openssl  openssl  1.0.2b   cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
openssl  openssl  1.0.2c   cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

Rows 1-10 of 181
