CVE-2017-3731

MEDIUM

Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

References

http://rhn.redhat.com/errata/RHSA-2017-0286.html

http://securityadvisories.paloaltonetworks.com/Home/Detail/82

http://www.debian.org/security/2017/dsa-3773

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/95813

http://www.securitytracker.com/id/1037717

https://access.redhat.com/errata/RHSA-2018:2185

https://access.redhat.com/errata/RHSA-2018:2186

https://access.redhat.com/errata/RHSA-2018:2187

https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc

https://security.gentoo.org/glsa/201702-07

https://security.netapp.com/advisory/ntap-20171019-0002/

https://source.android.com/security/bulletin/pixel/2017-11-01

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us

https://www.openssl.org/news/secadv/20170126.txt

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.tenable.com/security/tns-2017-04

Details

Source: MITRE

Published: 2017-05-04

Updated: 2019-04-23

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*

Tenable Plugins

View all (52 total)

ID	Name	Product	Family	Severity
124059	Oracle Access Manager Multiple Vulnerabilities (Jan 2018 CPU)	Nessus	Misc.	high
119996	SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2017:0855-1)	Nessus	SuSE Local Security Checks	medium
119992	SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2017:0431-1)	Nessus	SuSE Local Security Checks	medium
111147	RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186)	Nessus	Red Hat Local Security Checks	high
111146	RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)	Nessus	Red Hat Local Security Checks	high
107230	AIX OpenSSL Advisory : openssl_advisory23.asc	Nessus	AIX Local Security Checks	medium
106863	openSUSE Security Update : openssl-steam (openSUSE-2018-168)	Nessus	SuSE Local Security Checks	high
106093	SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1)	Nessus	SuSE Local Security Checks	critical
104234	openSUSE Security Update : mysql-community-server (openSUSE-2017-1196)	Nessus	SuSE Local Security Checks	medium
102698	ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)	Nessus	Misc.	medium
102699	Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775)	Nessus	Junos Local Security Checks	high
101979	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	medium
101978	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	medium
101821	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)	Nessus	Databases	medium
101820	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	medium
101424	Virtuozzo 6 : openssl / openssl-devel / openssl-perl / etc (VZLSA-2017-0286)	Nessus	Virtuozzo Local Security Checks	medium
101046	Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities (TNS-2017-04)	Nessus	Misc.	medium
100419	Palo Alto Networks PAN-OS 6.1.x < 6.1.17 / 7.0.x < 7.0.15 / 7.1.x < 7.1.10 / 8.0.x < 8.0.2 Multiple Vulnerabilities	Nessus	Palo Alto Local Security Checks	medium
99930	Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32)	Nessus	Misc.	high
99875	EulerOS 2.0 SP2 : openssl (EulerOS-SA-2017-1030)	Nessus	Huawei Local Security Checks	medium
99874	EulerOS 2.0 SP1 : openssl (EulerOS-SA-2017-1029)	Nessus	Huawei Local Security Checks	medium
99593	MySQL Enterprise Monitor 3.1.x < 3.1.7.8023 / 3.2.x < 3.2.7.1204 / 3.3.x < 3.3.3.1199 Multiple Vulnerabilities (April 2017 CPU)	Nessus	CGI abuses	critical
99516	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99515	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99513	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99512	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99212	openSUSE Security Update : nodejs4 (openSUSE-2017-442)	Nessus	SuSE Local Security Checks	medium
97726	Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)	Nessus	Misc.	medium
97555	Amazon Linux AMI : openssl (ALAS-2017-803)	Nessus	Amazon Linux Local Security Checks	medium
97361	F5 Networks BIG-IP : OpenSSL vulnerability (K37526132)	Nessus	F5 Networks Local Security Checks	medium
97316	OracleVM 3.3 / 3.4 : openssl (OVMSA-2017-0042)	Nessus	OracleVM Local Security Checks	medium
97305	CentOS 6 / 7 : openssl (CESA-2017:0286)	Nessus	CentOS Local Security Checks	medium
97295	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20170220)	Nessus	Scientific Linux Local Security Checks	medium
97294	RHEL 6 / 7 : openssl (RHSA-2017:0286)	Nessus	Red Hat Local Security Checks	medium
97293	Oracle Linux 6 / 7 : openssl (ELSA-2017-0286)	Nessus	Oracle Linux Local Security Checks	medium
97292	openSUSE Security Update : nodejs (openSUSE-2017-284)	Nessus	SuSE Local Security Checks	medium
97276	openSUSE Security Update : openssl (openSUSE-2017-256)	Nessus	SuSE Local Security Checks	medium
97275	openSUSE Security Update : openssl (openSUSE-2017-255)	Nessus	SuSE Local Security Checks	critical
97188	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0461-1)	Nessus	SuSE Local Security Checks	critical
97183	GLSA-201702-07 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97180	Fedora 24 : 1:openssl (2017-e853b4144f)	Nessus	Fedora Local Security Checks	medium
97129	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:0441-1)	Nessus	SuSE Local Security Checks	medium
97102	Slackware 14.2 / current : openssl (SSA:2017-041-02)	Nessus	Slackware Local Security Checks	medium
97054	Fedora 25 : 1:openssl (2017-3451dbec48)	Nessus	Fedora Local Security Checks	medium
96931	Debian DLA-814-1 : openssl security update	Nessus	Debian Local Security Checks	medium
9934	OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
9933	OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
96927	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : openssl vulnerabilities (USN-3181-1)	Nessus	Ubuntu Local Security Checks	high
96874	OpenSSL 1.1.0 < 1.1.0d Multiple Vulnerabilities	Nessus	Web Servers	medium
96873	OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities	Nessus	Web Servers	medium
96842	Debian DSA-3773-1 : openssl - security update	Nessus	Debian Local Security Checks	medium
96821	FreeBSD : OpenSSL -- multiple vulnerabilities (d455708a-e3d3-11e6-9940-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium