Vulmon Recent Vulnerabilities Trends Blog About Contact
7.5
CVSSv3

CVE-2017-3730

Published: 04/05/2017 Updated: 25/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

In OpenSSL 1.1.0 prior to 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.1.0

openssl openssl 1.1.0a

openssl openssl 1.1.0b

openssl openssl 1.1.0c

oracle agile engineering data management 6.1.3

oracle agile engineering data management 6.2.0

oracle communications application session controller 3.7.1

oracle communications application session controller 3.8.0

oracle communications eagle lnp application processor 10.0

oracle communications eagle lnp application processor 10.1

oracle communications eagle lnp application processor 10.2

oracle communications operations monitor 3.4

oracle communications operations monitor 4.0

oracle jd edwards enterpriseone tools 9.2

oracle jd edwards world security a9.1

oracle jd edwards world security a9.2

oracle jd edwards world security a9.3

oracle jd edwards world security a9.4

Vendor Advisories

Red Hat: CVE-2017-3730
In OpenSSL 110 before 110d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash This could be exploited in a Denial of Service attack ...
Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017
Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities  A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information ...
Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities The foundation also released one vulnerability that was already disclosed in the OpenSSL advisory for November 2016 and included in the Cisco Security Advisory Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: Novem ...
Brocade Security Advisories: BSA-2017-258
Summary If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer<br>leading to a client crash This could be exploited in a Denial of Service attack Affected Products Product Current Assessment Brocade Services Director ...
Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products
On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities  If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash This could be exploited in a Denial of Servi ...
Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilities
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilities Article Number: 000012338 Products: Forcepoint DLP, ...
Oracle: Oracle Critical Patch Update Advisory - April 2017
Oracle Critical Patch Update Advisory - April 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus ...
Oracle: Oracle Critical Patch Update Advisory - October 2017
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Exploits

Exploit DB: OpenSSL 1.1.0 - Remote Client Denial of Service
// Source: guidovrankenwordpresscom/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ /* * SSL server demonstration program * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-20 * * Licensed under the Apache License, Version 20 (the ...

Mailing Lists

Packetstorm: OpenSSL 1.1.0 Remote Client Denial Of Service
OpenSSL version 110 remote client denial of service proof of concept exploit ...

Github Repositories

OpenSSL-CVE-2017-3730

挑戰 (U+8101): OpenSSL CVE-2017-3730 proof-of-concept

CVE-2017-3730 OpenSSL CVE-2017-3730 proof-of-concept Using OpenSSH as a proxy to patch DH values on the fly Create an SSL server using a ciphersuite like DHE-PSK-WITH-AES-256-GCM-SHA384 Let's say it runs on 10022 port 8899 Get openssh-74p1 Apply patch Build it Run it like: /ssh -vvv -N -D 1085 -o TCPKeepAlive=yes -o ServerAliveInterval=60 localhost In a different

PoC-in-GitHub

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Recent Articles

OpenSSL pushes trio of DoS-busting patches
The Register • Richard Chirgwin • 31 Jan 2017

One was fixed before anyone realised it was a security issue, so be careful when applying

OpenSSL's released patches for a trio of denial-of-service bugs.
The first (CVE-2017-3731), turned up by Google's Robert Święcki, only affects SSL/TLS servers running on 32-bit hosts. Depending on the cipher the host is using, a truncated packet crashes the system by triggering an out-of-bounds read.
It's version-specific: under OpenSSL 1.1.0 the relevant cipher is CHACHA20/POLY1305 and it's fixed in 1.1.0d. In OpenSSL 1.0.2, RC4-MD5 (which should have been disabled) is the target,...

Read more...

References

CWE-476http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/95812http://www.securitytracker.com/id/1037717https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaahttps://security.gentoo.org/glsa/201702-07https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_ushttps://www.exploit-db.com/exploits/41192/https://www.openssl.org/news/secadv/20170126.txthttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2017-3730https://github.com/ymmah/OpenSSL-CVE-2017-3730https://nvd.nist.govhttps://www.exploit-db.com/exploits/41192/https://tools.cisco.com/security/center/viewAlert.x?alertId=52437
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationTCPCVE-2020-4865CVE-2021-3297CVE-2018-15473CVE-2021-3317CVE-2021-23240denial of serviceCVE-2020-16107