CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
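The description names three conditions that must all hold for the crash to be reachable: a release before the fix on one of the two affected branches, a 32-bit build, and the triggering cipher still negotiable. The following triage helper is an added example, not code from the advisory or from the OpenSSL project; it applies those three conditions to the outputs of `openssl version`, `getconf LONG_BIT` and `openssl ciphers -v` collected on the host under review. The cipher listings embedded below are constructed samples in the real tool's column layout, and the range check follows the advisory wording (any release on the 1.0.2 or 1.1.0 branch before 1.0.2k or 1.1.0d), so it covers every version enumerated by NVD further down.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# From the advisory text: affected branch, first fixed letter release on it,
# and the cipher whose record handling triggers the out-of-bounds read.
BRANCHES = {
    "1.1.0": {"fixed": "d", "enc_prefix": "CHACHA20/POLY1305", "suite": None},
    "1.0.2": {"fixed": "k", "enc_prefix": None, "suite": "RC4-MD5"},
}
# Matches "OpenSSL 1.0.2j  26 Sep 2016", "OpenSSL 1.0.2-beta1 ...", "OpenSSL 1.1.0c-fips ...".
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)(?:-(beta\d+|pre\d+))?([a-z]*)")


def _release_key(pre: Optional[str], letter: str) -> Tuple[int, str]:
    """Within a branch: pre-release < base ("") < a < ... < z < za; (len, letters) keeps za after z."""
    return (-1, pre) if pre else (len(letter), letter)


def parse_banner(banner: str) -> Tuple[str, Tuple[int, str]]:
    """Split an `openssl version` banner into (branch, release ordering key)."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    branch, pre, letter = m.groups()
    return branch, _release_key(pre, letter or "")


def version_in_range(banner: str) -> Optional[bool]:
    """True if the release predates the fix on an affected branch, False if fixed,
    None if the branch is not named in the advisory. Caveat: distro builds keep the
    upstream banner (RHEL reports 1.0.1e) while carrying backported fixes; for
    packaged OpenSSL compare the package version with the vendor's fixed version."""
    branch, key = parse_banner(banner)
    rule = BRANCHES.get(branch)
    return None if rule is None else key < _release_key(None, rule["fixed"])


def trigger_suites(branch: str, ciphers_v_output: str) -> List[str]:
    """Suite names in `openssl ciphers -v` output that exercise the broken path:
    the RC4-MD5 suite on 1.0.2, any suite with Enc=CHACHA20/POLY1305 on 1.1.0."""
    rule = BRANCHES[branch]
    hits = []
    for line in ciphers_v_output.splitlines():
        fields = line.split()
        if len(fields) < 6:  # name, protocol, Kx=, Au=, Enc=, Mac=
            continue
        enc = next((f[4:] for f in fields if f.startswith("Enc=")), "")
        if fields[0] == rule["suite"] or (rule["enc_prefix"] and enc.startswith(rule["enc_prefix"])):
            hits.append(fields[0])
    return hits


@dataclass
class Assessment:
    banner: str
    in_range: Optional[bool]
    thirty_two_bit: bool
    suites: List[str]

    @property
    def exposed(self) -> bool:
        """All three advisory conditions hold at once."""
        return bool(self.in_range) and self.thirty_two_bit and bool(self.suites)


def assess(banner: str, long_bit: str, ciphers_v_output: str) -> Assessment:
    """Inputs are the outputs of `openssl version`, `getconf LONG_BIT` and `openssl ciphers -v`."""
    branch, _ = parse_banner(banner)
    suites = trigger_suites(branch, ciphers_v_output) if branch in BRANCHES else []
    return Assessment(banner, version_in_range(banner), long_bit.strip() == "32", suites)


# Constructed, abbreviated `openssl ciphers -v` listings in the real tool's column layout:
# a 1.0.2 build with RC4 still enabled, and a 1.1.0 build with its ChaCha20-Poly1305 suite.
SAMPLE_102_CIPHERS = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
"""
SAMPLE_110_CIPHERS = """\
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
"""

if __name__ == "__main__":
    for banner, bits, listing in [
        ("OpenSSL 1.0.2j  26 Sep 2016", "32", SAMPLE_102_CIPHERS),
        ("OpenSSL 1.0.2j  26 Sep 2016", "64", SAMPLE_102_CIPHERS),
        ("OpenSSL 1.1.0c  10 Nov 2016", "32", SAMPLE_110_CIPHERS),
        ("OpenSSL 1.1.0d  26 Jan 2017", "32", SAMPLE_110_CIPHERS),
    ]:
        a = assess(banner, bits, listing)
        print(f"{banner:28} {bits}-bit in_range={a.in_range} suites={a.suites} exposed={a.exposed}")
```

Run `openssl ciphers -v` with the cipher string the service actually configures rather than `DEFAULT`, since the 1.0.2 mitigation is exactly that RC4-MD5 has been removed from that string. For the Node.js ranges listed below, the relevant OpenSSL is the copy bundled with Node (`node -p process.versions.openssl`), not the system library.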
CVSS 3.x
Provider | Type    | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST     | Primary | 7.5 HIGH   | NETWORK     | LOW             | NONE           | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The vector reads as a remote, unauthenticated denial of service with no user interaction: availability impact high (a crash), no confidentiality or integrity impact.

EPSS percentile: 93%
Affected Products (NVD)
Vendor  | Product | Version
openssl | openssl | 1.1.0a, 1.1.0b, 1.1.0c
openssl | openssl | 1.0.2, 1.0.2 beta1, 1.0.2 beta2, 1.0.2 beta3
openssl | openssl | 1.0.2a, 1.0.2b, 1.0.2c, 1.0.2d, 1.0.2e, 1.0.2f, 1.0.2h, 1.0.2i, 1.0.2j
nodejs  | node.js | 4.0.0 ≤ x ≤ 4.1.2
nodejs  | node.js | 4.2.0 ≤ x < 4.7.3
nodejs  | node.js | 5.0.0 ≤ x ≤ 5.12.0
nodejs  | node.js | 6.0.0 ≤ x ≤ 6.8.1
nodejs  | node.js | 6.9.0 ≤ x < 6.9.5
nodejs  | node.js | 7.0.0 ≤ x < 7.5.0
x = vulnerable software version
Debian Releases
Product | Codename            | Version          | Status
openssl | bookworm            | 3.0.14-1~deb12u1 | fixed
openssl | bookworm (security) | 3.0.14-1~deb12u2 | fixed
openssl | bullseye            | 1.1.1w-0+deb11u1 | fixed
openssl | bullseye (security) | 1.1.1w-0+deb11u2 | fixed
openssl | sid                 | 3.3.2-2          | fixed
openssl | trixie              | 3.3.2-2          | fixed
Ubuntu Releases
Product    | Codename | Fixed Version       | Status
openssl    | artful   | 1.0.2g-1ubuntu11    | released
openssl    | bionic   | 1.0.2g-1ubuntu11    | released
openssl    | cosmic   | 1.0.2g-1ubuntu11    | released
openssl    | disco    | 1.0.2g-1ubuntu11    | released
openssl    | precise  | 1.0.1-4ubuntu5.39   | released
openssl    | trusty   | 1.0.1f-1ubuntu2.22  | released
openssl    | xenial   | 1.0.2g-1ubuntu4.6   | released
openssl    | yakkety  | 1.0.2g-1ubuntu9.1   | released
openssl    | zesty    | 1.0.2g-1ubuntu11    | released
openssl098 | precise  | -                   | ignored
openssl098 | artful, bionic, cosmic, disco, trusty, xenial, yakkety, zesty | - | dne
dne: the package does not exist in that release; ignored: Ubuntu will not issue a fix.
openSUSE / SLES Releases
Product                                             | Release                                     | Version          | Status
libopenssl-devel, libopenssl-fips-provider, openssl | SLE Desktop / SAP / Server 15 SP6           | 3.1.4-150600.2.1 | fixed
libopenssl-devel, libopenssl-fips-provider, openssl | SLE Desktop / SAP / Server 15 SP7           | 3.2.3-150700.1.1 | fixed
nodejs4, nodejs4-devel, nodejs4-docs, npm4          | SLE SAP / Server 12, 12 SP3, 12 SP4, 12 SP5 | 4.7.3-14.1       | fixed
nodejs6, nodejs6-devel, nodejs6-docs, npm6          | SLE SAP / Server 12, 12 SP3, 12 SP4, 12 SP5 | 6.9.5-7.1        | fixed
Red Hat Enterprise Linux Releases
Product                                                            | Release | Version             | Status
openssl, openssl-devel, openssl-perl, openssl-static               | RHEL 6  | 0:1.0.1e-48.el6_8.4 | fixed
openssl, openssl-devel, openssl-libs, openssl-perl, openssl-static | RHEL 7  | 1:1.0.1e-60.el7_3.1 | fixed
These fixed packages keep the upstream 1.0.1e version string and carry the fix as a backport, so `openssl version` alone cannot tell a patched build from an unpatched one; compare the installed package release (`rpm -q openssl`) against the versions above. The same applies to the Ubuntu 1.0.1 and 1.0.2g packages listed earlier.