2017-10-16 12:31:07 -04:00
{
2019-04-23 20:01:03 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "openssl-security@openssl.org" ,
"DATE_PUBLIC" : "2017-01-26" ,
"ID" : "CVE-2017-3731" ,
"STATE" : "PUBLIC" ,
"TITLE" : "Truncated packet could crash via OOB read"
2019-03-17 22:05:47 +00:00
} ,
2019-04-23 20:01:03 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"product" : {
"product_data" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"product_name" : "OpenSSL" ,
"version" : {
"version_data" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.1.0"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.1.0a"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.1.0b"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.1.0c"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2a"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2b"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2c"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2d"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2e"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2f"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2g"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2h"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2i"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"version_value" : "openssl-1.0.2j"
2019-03-17 22:05:47 +00:00
}
]
}
}
]
} ,
2019-04-23 20:01:03 +00:00
"vendor_name" : "OpenSSL"
2019-03-17 22:05:47 +00:00
}
2018-01-17 21:02:46 -05:00
]
2019-03-17 22:05:47 +00:00
}
} ,
2019-04-23 20:01:03 +00:00
"credit" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"lang" : "eng" ,
"value" : "Robert \u015awi\u0119cki of Google"
2019-03-17 22:05:47 +00:00
}
] ,
2019-04-23 20:01:03 +00:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."
2019-03-17 22:05:47 +00:00
}
]
} ,
2019-04-23 20:01:03 +00:00
"impact" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"lang" : "eng" ,
"url" : "https://www.openssl.org/policies/secpolicy.html#Moderate" ,
"value" : "Moderate"
2019-03-17 22:05:47 +00:00
}
] ,
2019-04-23 20:01:03 +00:00
"problemtype" : {
"problemtype_data" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"description" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"lang" : "eng" ,
"value" : "out-of-bounds read"
2019-03-17 22:05:47 +00:00
}
]
}
]
} ,
2019-04-23 20:01:03 +00:00
"references" : {
"reference_data" : [
2019-03-17 22:05:47 +00:00
{
2019-04-23 20:01:03 +00:00
"name" : "RHSA-2018:2185" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2185"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "RHSA-2018:2186" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2186"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://security.netapp.com/advisory/ntap-20171019-0002/" ,
"refsource" : "CONFIRM" ,
"url" : "https://security.netapp.com/advisory/ntap-20171019-0002/"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "95813" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/95813"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "RHSA-2017:0286" ,
"refsource" : "REDHAT" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "FreeBSD-SA-17:02" ,
"refsource" : "FREEBSD" ,
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://www.openssl.org/news/secadv/20170126.txt" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.openssl.org/news/secadv/20170126.txt"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "1037717" ,
"refsource" : "SECTRACK" ,
"url" : "http://www.securitytracker.com/id/1037717"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://www.tenable.com/security/tns-2017-04" ,
"refsource" : "CONFIRM" ,
"url" : "https://www.tenable.com/security/tns-2017-04"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://source.android.com/security/bulletin/pixel/2017-11-01" ,
"refsource" : "CONFIRM" ,
"url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "GLSA-201702-07" ,
"refsource" : "GENTOO" ,
"url" : "https://security.gentoo.org/glsa/201702-07"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "DSA-3773" ,
"refsource" : "DEBIAN" ,
"url" : "http://www.debian.org/security/2017/dsa-3773"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us" ,
"refsource" : "CONFIRM" ,
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "RHSA-2018:2187" ,
"refsource" : "REDHAT" ,
"url" : "https://access.redhat.com/errata/RHSA-2018:2187"
2019-03-17 22:05:47 +00:00
} ,
{
2019-04-23 20:01:03 +00:00
"name" : "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" ,
"refsource" : "MISC" ,
"url" : "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
2019-04-23 04:53:58 -07:00
} ,
{
2019-04-23 20:01:03 +00:00
"url" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
2020-02-17 17:01:41 +00:00
} ,
{
"name" : "https://security.paloaltonetworks.com/CVE-2017-3731" ,
"refsource" : "CONFIRM" ,
"url" : "https://security.paloaltonetworks.com/CVE-2017-3731"
2019-03-17 22:05:47 +00:00
}
]
}
}
