Vulnerability CVE-2017-3731


Published: 2017-05-04

Description:
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Type:

CWE-125

(Out-of-bounds Read)

Vendor: Openssl
Product: Openssl 
Version:
1.1.0c
1.1.0b
1.1.0a
1.0.2j
1.0.2i
1.0.2h
1.0.2f
1.0.2e
1.0.2d
1.0.2c
1.0.2b
1.0.2a
1.0.2

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://rhn.redhat.com/errata/RHSA-2017-0286.html
http://securityadvisories.paloaltonetworks.com/Home/Detail/82
http://www.debian.org/security/2017/dsa-3773
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/95813
http://www.securitytracker.com/id/1037717
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://security.gentoo.org/glsa/201702-07
https://security.netapp.com/advisory/ntap-20171019-0002/
https://source.android.com/security/bulletin/pixel/2017-11-01
https://www.openssl.org/news/secadv/20170126.txt
https://www.tenable.com/security/tns-2017-04

Related CVE
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult...
CVE-2017-3737
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue ...
CVE-2016-8610
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...
CVE-2017-3736
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very ...
CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of Op...
CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA...
CVE-2017-3730
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial o...
CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers ...

Copyright 2018, cxsecurity.com

 

Back to Top