CVE-2017-3731

First published: Thu Jan 26 2017(Updated: )

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k External References: <a href="https://www.openssl.org/news/secadv/20170126.txt">https://www.openssl.org/news/secadv/20170126.txt</a>

Credit: openssl-security@openssl.org openssl-security@openssl.org

Affected Software	Affected Version	How to fix
OpenSSL OpenSSL	=1.1.0a
OpenSSL OpenSSL	=1.1.0b
OpenSSL OpenSSL	=1.1.0c
OpenSSL OpenSSL	=1.0.2
OpenSSL OpenSSL	=1.0.2-beta1
OpenSSL OpenSSL	=1.0.2-beta2
OpenSSL OpenSSL	=1.0.2-beta3
OpenSSL OpenSSL	=1.0.2a
OpenSSL OpenSSL	=1.0.2b
OpenSSL OpenSSL	=1.0.2c
OpenSSL OpenSSL	=1.0.2d
OpenSSL OpenSSL	=1.0.2e
OpenSSL OpenSSL	=1.0.2f
OpenSSL OpenSSL	=1.0.2h
OpenSSL OpenSSL	=1.0.2i
OpenSSL OpenSSL	=1.0.2j
Nodejs Node.js	>=4.0.0<=4.1.2
Nodejs Node.js	>=4.2.0<4.7.3
Nodejs Node.js	>=5.0.0<=5.12.0
Nodejs Node.js	>=6.0.0<=6.8.1
Nodejs Node.js	>=6.9.0<6.9.5
Nodejs Node.js	>=7.0.0<7.5.0
redhat/openssl	<1.0.2	1.0.2
redhat/openssl	<1.1.0	1.1.0
debian/openssl		1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2

CVE-2017-3731

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact