#VU5420 Out-of-bounds read in OpenSSL - CVE-2017-3731
Published: January 27, 2017 / Updated: January 27, 2017
OpenSSL
OpenSSL Software Foundation
Description
The vulnerability allows a remote attacker to cause a denial of service condition.
The vulnerability exists due to an out-of-bounds read in OpenSSL when processing truncated packets on 32-bit systems using certain ciphers. A remote attacker can send a specially crafted truncated packet using the CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for OpenSSL 1.0.2 and trigger a denial of service.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack against the vulnerable system.