SB2017012620 - Out-of-bounds read in openssl (Alpine package)
Published: January 26, 2017
Security Bulletin ID
SB2017012620
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2017-3731)
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to out-of-bounds read in OpenSSL when processing truncated packets on 32-bit system using certain ciphers. A remote attacker can send a specially crafted truncated packet using CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for 1.0.2 and trigger denial of service.
Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable system.
Remediation
Install update from vendor's website.