CVE-2017-3737 — Out-of-bounds Read in Software Foundation Openssl

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write CWE-391 — Unchecked Error Condition17 documents10 sources

Severity

5.9MEDIUMNVD

EPSS

42.9%

top 2.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Openssl Software Foundation Openssl Debian Linux

Timeline

PublishedDec 7

Latest updateMay 13

Description

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶Debianopenssl/openssl< 1.1.0b-2+3

▶Ubuntuopenssl/openssl< 1.0.2g-1ubuntu4.10

▶NVDopenssl/openssl12 versions+11

▶CVEListV5openssl_software_foundation/openssl1.0.2b-1.0.2m

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-fwxf-w2h7-9w25: OpenSSL 1↗2022-05-13

▶

OSV

openssl vulnerabilities↗2017-12-11

▶

CVEList

CVE-2017-3737: OpenSSL 1↗2017-12-07

▶

OSV

CVE-2017-3737: OpenSSL 1↗2017-12-07

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2017-12-11

▶

BSD

FreeBSD-SA-17:12.openssl: OpenSSL multiple vulnerabilities↗2017-12-09

▶

Red Hat

openssl: Read/write after SSL object in error state↗2017-12-07

▶

Red Hat

nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL↗2017-12-07

▶

Debian

CVE-2017-3737: openssl - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechani...↗2017

▶

🕵️Threat Intelligence

Fortinet

An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737)↗2018-01-12

▶

💬Community

Bugzilla

CVE-2017-15896 nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL [fedora-26]↗2017-12-12

▶

Bugzilla

CVE-2017-15896 nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL↗2017-12-12

▶

Bugzilla

CVE-2017-15896 nodejs: Vulnerable to CVE-2017-3737 due to embedded OpenSSL [epel-6]↗2017-12-12

▶

Bugzilla

CVE-2017-3737 openssl: Read/write after SSL object in error state↗2017-12-08

▶

Bugzilla

CVE-2017-3737 CVE-2017-3738 mingw-openssl: various flaws [fedora-all]↗2017-12-08

▶