CVE-2017-3737
First published: Thu Dec 07 2017(Updated: )
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. External References: <a href="https://www.openssl.org/news/secadv/20171207.txt">https://www.openssl.org/news/secadv/20171207.txt</a>
Credit: openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u1 3.0.11-1 | |
| OpenSSL OpenSSL | =1.0.2b | |
| OpenSSL OpenSSL | =1.0.2c | |
| OpenSSL OpenSSL | =1.0.2d | |
| OpenSSL OpenSSL | =1.0.2e | |
| OpenSSL OpenSSL | =1.0.2f | |
| OpenSSL OpenSSL | =1.0.2g | |
| OpenSSL OpenSSL | =1.0.2h | |
| OpenSSL OpenSSL | =1.0.2i | |
| OpenSSL OpenSSL | =1.0.2j | |
| OpenSSL OpenSSL | =1.0.2k | |
| OpenSSL OpenSSL | =1.0.2l | |
| OpenSSL OpenSSL | =1.0.2m | |
| Debian Debian Linux | =9.0 | |
| redhat/openssl | <1.0.2 | 1.0.2 |
| <=10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
- https://www.ibm.com/support/pages/node/7057377 (Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/102103
- http://www.securitytracker.com/id/1039978
- https://access.redhat.com/errata/RHSA-2018:0998
- https://access.redhat.com/errata/RHSA-2018:2185
- https://access.redhat.com/errata/RHSA-2018:2186
- https://access.redhat.com/errata/RHSA-2018:2187
- https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
- https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
- https://security.gentoo.org/glsa/201712-03
- https://security.netapp.com/advisory/ntap-20171208-0001/
- https://security.netapp.com/advisory/ntap-20180117-0002/
- https://security.netapp.com/advisory/ntap-20180419-0002/
- https://www.debian.org/security/2017/dsa-4065
- https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/
- https://www.openssl.org/news/secadv/20171207.txt
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2017-16
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523513
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523511
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523512
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1544443
- https://bugzilla.redhat.com/show_bug.cgi?id=1523504
- https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc
- https://git.openssl.org/?p=openssl.git;a=commit;h=e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589
- https://security-tracker.debian.org/tracker/CVE-2017-3737
Frequently Asked Questions
What is CVE-2017-3737?
CVE-2017-3737 is a vulnerability in OpenSSL that allows a remote attacker to bypass security restrictions.
Which versions of OpenSSL are affected by CVE-2017-3737?
OpenSSL 1.0.2b and later versions including 1.0.2, 1.1.1n-0+deb10u3, 1.1.1n-0+deb10u6, 1.1.1w-0+deb11u1, 1.1.1n-0+deb11u5, 3.0.11-1~deb12u1, and 3.0.11-1 are affected.
How severe is CVE-2017-3737?
CVE-2017-3737 has a severity rating of 5.9 (medium).
What is the CWE ID of CVE-2017-3737?
The CWE ID of CVE-2017-3737 is CWE-125 and CWE-787.
Where can I find more information about CVE-2017-3737?
You can find more information about CVE-2017-3737 at the following references: [Link 1](https://www.openssl.org/news/secadv/20171207.txt), [Link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523513), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523511).
- collector/security-tracker-debian
- collector/nvd-index
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-3737
- agent/software-canonical-lookup
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2b
- version/openssl openssl/1.0.2c
- version/openssl openssl/1.0.2d
- version/openssl openssl/1.0.2e
- version/openssl openssl/1.0.2f
- version/openssl openssl/1.0.2g
- version/openssl openssl/1.0.2h
- version/openssl openssl/1.0.2i
- version/openssl openssl/1.0.2j
- version/openssl openssl/1.0.2k
- version/openssl openssl/1.0.2l
- version/openssl openssl/1.0.2m
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify governance
- version/ibm security verify governance/10.0