CVE-2017-3731
published 2017-05-04CVE-2017-3731: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to…
PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
57.59%
99.0th percentile
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Affected
42 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 1.1.0d-1 (bookworm) | openssl 1.1.0d-1 (bookworm) |
| nodejs | node.js | 4.0.0 – 4.1.2 | — |
| nodejs | node.js | >= 4.2.0 < 4.7.3 | 4.7.3 |
| nodejs | node.js | 5.0.0 – 5.12.0 | — |
| nodejs | node.js | 6.0.0 – 6.8.1 | — |
| nodejs | node.js | >= 6.9.0 < 6.9.5 | 6.9.5 |
| nodejs | node.js | >= 7.0.0 < 7.5.0 | 7.5.0 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crash can be triggered on 32-bit hosts when CHACHA20/POLY1305 cipher suite is negotiated (OpenSSL 1.1.0) ↗
- →Crash can be triggered on 32-bit hosts when RC4-MD5 cipher suite is negotiated (OpenSSL 1.0.2); monitor for use of RC4-MD5 in TLS handshakes on 32-bit servers/clients ↗
- →The vulnerability is an integer underflow leading to an out-of-bounds read; look for unexpected crashes (SIGSEGV/SIGBUS) in OpenSSL-linked processes on 32-bit systems following receipt of a truncated TLS packet ↗
- →Attack vector is a truncated (malformed) TLS/SSL packet sent to a 32-bit host; inspect for abnormally short TLS records paired with RC4-MD5 or CHACHA20/POLY1305 cipher suites ↗
- ·Vulnerability only affects OpenSSL running on 32-bit host architecture; 64-bit systems are not affected by CVE-2017-3731 ↗
- ·RC4-MD5 trigger path applies to OpenSSL 1.0.2 only; if RC4-MD5 has been explicitly disabled in configuration, the 1.0.2 crash vector is not reachable ↗
- ·CHACHA20/POLY1305 trigger path applies to OpenSSL 1.1.0 only; fixed in 1.1.0d ↗
- ·PAN-OS versions 6.1, 7.0.14 and earlier, 7.1, and 8.0 are affected; detection/blocking rules targeting Palo Alto devices should account for these version ranges ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_cisco7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3cp9-4w64-73cg: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or clie
ghsa_unreviewed·2022-05-14
CVE-2017-3731 [HIGH] CWE-125 GHSA-3cp9-4w64-73cg: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or clie
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
OSV
CVE-2017-3731: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or clie
osv·2017-05-04·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or clie
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
OSV
openssl vulnerabilities
osv·2017-01-31·CVSS 9.8
CVE-2016-2177 [CRITICAL] openssl vulnerabilities
openssl vulnerabilities
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other
releases were fixed in a previous security update. (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery
multiplication, resulting in incorrect results leading to transient
failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10.
(CVE-2016-7055)
It was discovered that OpenSSL did not properly use constant-time
operations when performing ECDSA P-256 signing. A remote attacker could
possibly use this issue to perform a timing attack and recover
Palo Alto
OpenSSL Vulnerability
vendor_paloalto·2017-04-20·CVSS 7.5
CVE-2017-3731 [HIGH] CWE-125 OpenSSL Vulnerability
OpenSSL Vulnerability
The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-73914 / CVE-2017-3731)
The OpenSSL library in use by PAN-OS is patched on a regular basis.
This issue affects PAN-OS 6.1, PAN-OS 7.0.14 and earlier, PAN-OS 7.1, PAN-OS 8.0
Affected products: PAN-OS
Solution: PAN-OS 7.0.15 and later; PAN-OS 7.1.10 and later; PAN-OS 8.0.2 and later
Workaround: N/A
BSD
FreeBSD-SA-17:02.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2017-02-23·CVSS 5.9
CVE-2016-7055 [MEDIUM] FreeBSD-SA-17:02.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-17:02.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2017-02-23
Affects: All supported versions of FreeBSD.
Corrected: 2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p17)
CVE Name: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2017-01-31·CVSS 9.8
CVE-2016-2177 [CRITICAL] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other
releases were fixed in a previous security update. (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery
multiplication, resulting in incorrect results leading to transient
failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10.
(CVE-2016-7055)
It was discovered that OpenSSL did not properly use constant-time
operations when performing ECDSA P-256 signing. A remote attacker could
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
vendor_cisco·2017-01-31·CVSS 7.5
CVE-2017-3730 [HIGH] CWE-310 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016. OpenSSL classifies all the new vulnerabilities as “Moderate Severity.”
The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL to crash when
Red Hat
openssl: Truncated packet could crash via OOB read
vendor_redhat·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CWE-190 openssl: Truncated packet could crash via OOB read
openssl: Truncated packet could crash via OOB read
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Pac
Debian
CVE-2017-3731: openssl - If an SSL/TLS server or client is running on a 32-bit host, and a specific ciphe...
vendor_debian·2017·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731: openssl - If an SSL/TLS server or client is running on a 32-bit host, and a specific ciphe...
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Scope: local
bookworm: resolved (fixed in 1.1.0d-1)
bullseye: resolved (fixed in 1.1.0d-1)
forky: resolved (fixed in 1.1.0d-1)
sid: resolved (fixed in 1.1.0d-1)
trixie: resolved (fixed in 1.1.0d-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
vendor_cisco
CVE-2017-3731 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
CVE-2017-3731: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 . OpenSSL classifies all the new vulnerabilities as “Moderate Severity.” The first vulnerability affects only OpenSSL used on 32-bit systems architecture and may cause OpenSSL to crash. The second vulnerability affects only version 1.1.0 and occurs only when OpenSSL is used on the client side. The second vulnerability may cause OpenSSL
No detection rules found.
No public exploits indexed.
Tenable
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
blogs_tenable·2017-02-14
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2017-3731 openssl101e: openssl: Truncated packet could crash via OOB read [epel-5]
bugzilla·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731 openssl101e: openssl: Truncated packet could crash via OOB read [epel-5]
CVE-2017-3731 openssl101e: openssl: Truncated packet could crash via OOB read [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-trackin
Bugzilla
CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [fedora-all]
bugzilla·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [fedora-all]
CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2017-3731 CVE-2017-3732 openssl: various flaws [fedora-all]
bugzilla·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731 CVE-2017-3732 openssl: various flaws [fedora-all]
CVE-2017-3731 CVE-2017-3732 openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [epel-7]
bugzilla·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [epel-7]
CVE-2017-3731 CVE-2017-3732 mingw-openssl: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Discussion:
Bugzilla
CVE-2017-3731 openssl: Truncated packet could crash via OOB read
bugzilla·2017-01-26·CVSS 7.5
CVE-2017-3731 [HIGH] CVE-2017-3731 openssl: Truncated packet could crash via OOB read
CVE-2017-3731 openssl: Truncated packet could crash via OOB read
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or client
to perform an out-of-bounds read, usually resulting in a crash.
For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have
not disabled that algorithm should update to 1.0.2k
External References:
https://www.openssl.org/news/secadv/20170126.txt
Discussion:
Upstream commits:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2198b3a55de681e1f3c23edb0586afe13f438051
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8e20499629b6bcf868d0072c7011e590b5c2294d
---
Created openssl101e tracking bugs for this issue:
Affects: epel-5 [bug 1416866]
http://rhn.redhat.com/errata/RHSA-2017-0286.htmlhttp://www.debian.org/security/2017/dsa-3773http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/95813http://www.securitytracker.com/id/1037717https://access.redhat.com/errata/RHSA-2018:2185https://access.redhat.com/errata/RHSA-2018:2186https://access.redhat.com/errata/RHSA-2018:2187https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.aschttps://security.gentoo.org/glsa/201702-07https://security.netapp.com/advisory/ntap-20171019-0002/https://security.paloaltonetworks.com/CVE-2017-3731https://source.android.com/security/bulletin/pixel/2017-11-01https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_ushttps://www.openssl.org/news/secadv/20170126.txthttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.tenable.com/security/tns-2017-04http://rhn.redhat.com/errata/RHSA-2017-0286.htmlhttp://www.debian.org/security/2017/dsa-3773http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/95813http://www.securitytracker.com/id/1037717https://access.redhat.com/errata/RHSA-2018:2185https://access.redhat.com/errata/RHSA-2018:2186https://access.redhat.com/errata/RHSA-2018:2187https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.aschttps://security.gentoo.org/glsa/201702-07https://security.netapp.com/advisory/ntap-20171019-0002/https://security.paloaltonetworks.com/CVE-2017-3731https://source.android.com/security/bulletin/pixel/2017-11-01https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_ushttps://www.openssl.org/news/secadv/20170126.txthttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.tenable.com/security/tns-2017-04
2017-05-04
Published