cbcvebase.
CVE-2017-3731
published 2017-05-04

CVE-2017-3731: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to…

PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
57.59%
99.0th percentile
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Affected

42 ranges· showing 25
VendorProductVersion rangeFixed in
debianopenssl< openssl 1.1.0d-1 (bookworm)openssl 1.1.0d-1 (bookworm)
nodejsnode.js4.0.0 – 4.1.2
nodejsnode.js>= 4.2.0 < 4.7.34.7.3
nodejsnode.js5.0.0 – 5.12.0
nodejsnode.js6.0.0 – 6.8.1
nodejsnode.js>= 6.9.0 < 6.9.56.9.5
nodejsnode.js>= 7.0.0 < 7.5.07.5.0
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl

Detection & IOCsextracted from sources · hover to see the quote

  • Crash can be triggered on 32-bit hosts when CHACHA20/POLY1305 cipher suite is negotiated (OpenSSL 1.1.0)
  • Crash can be triggered on 32-bit hosts when RC4-MD5 cipher suite is negotiated (OpenSSL 1.0.2); monitor for use of RC4-MD5 in TLS handshakes on 32-bit servers/clients
  • The vulnerability is an integer underflow leading to an out-of-bounds read; look for unexpected crashes (SIGSEGV/SIGBUS) in OpenSSL-linked processes on 32-bit systems following receipt of a truncated TLS packet
  • Attack vector is a truncated (malformed) TLS/SSL packet sent to a 32-bit host; inspect for abnormally short TLS records paired with RC4-MD5 or CHACHA20/POLY1305 cipher suites
  • ·Vulnerability only affects OpenSSL running on 32-bit host architecture; 64-bit systems are not affected by CVE-2017-3731
  • ·RC4-MD5 trigger path applies to OpenSSL 1.0.2 only; if RC4-MD5 has been explicitly disabled in configuration, the 1.0.2 crash vector is not reachable
  • ·CHACHA20/POLY1305 trigger path applies to OpenSSL 1.1.0 only; fixed in 1.1.0d
  • ·PAN-OS versions 6.1, 7.0.14 and earlier, 7.1, and 8.0 are affected; detection/blocking rules targeting Palo Alto devices should account for these version ranges

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_cisco7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.