In OpenSSL 1.1.0 prior to 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 1.1.0c |
||
openssl openssl 1.1.0 |
||
openssl openssl 1.1.0b |
||
openssl openssl 1.1.0a |
||
oracle agile engineering data management 6.2.0 |
||
oracle jd edwards world security a9.2 |
||
oracle communications eagle lnp application processor 10.1 |
||
oracle communications application session controller 3.7.1 |
||
oracle jd edwards world security a9.4 |
||
oracle jd edwards enterpriseone tools 9.2 |
||
oracle communications operations monitor 3.4 |
||
oracle communications operations monitor 4.0 |
||
oracle agile engineering data management 6.1.3 |
||
oracle jd edwards world security a9.1 |
||
oracle jd edwards world security a9.3 |
||
oracle communications eagle lnp application processor 10.0 |
||
oracle communications eagle lnp application processor 10.2 |
||
oracle communications application session controller 3.8.0 |
One was fixed before anyone realised it was a security issue, so be careful when applying
OpenSSL's released patches for a trio of denial-of-service bugs. The first (CVE-2017-3731), turned up by Google's Robert Święcki, only affects SSL/TLS servers running on 32-bit hosts. Depending on the cipher the host is using, a truncated packet crashes the system by triggering an out-of-bounds read. It's version-specific: under OpenSSL 1.1.0 the relevant cipher is CHACHA20/POLY1305 and it's fixed in 1.1.0d. In OpenSSL 1.0.2, RC4-MD5 (which should have been disabled) is the target, and it's fi...