Published: 07/12/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl 1.0.2c
openssl openssl 1.0.2d
openssl openssl 1.0.2e
openssl openssl 1.0.2l
openssl openssl 1.0.2m
openssl openssl 1.0.2b
openssl openssl 1.0.2j
openssl openssl 1.0.2k
openssl openssl 1.0.2h
openssl openssl 1.0.2i
openssl openssl 1.0.2f
openssl openssl 1.0.2g
debian debian linux 9.0

Debian Bug report logs - #887477 mysql-57: Security fixes from the January 2018 CPU Package: src:mysql-57; Maintainer for src:mysql-57 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Jan 2018 06:09:04 UTC Severity: grave Tag ...

Several security issues were fixed in OpenSSL ...

Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages are now availableRed Hat Product Security has rated this release as having a security impactof Moderate A ...

Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2429 RHEL 7 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this release as ...

Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openssl is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Moderate: Red Hat JBoss Core Services Apache HTTP Server 2429 RHEL 6 security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages are now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this release as h ...

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli No EC algorithms are affected Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely Attacks against DH1024 are considered just feasible, becaus ...

bn_sqrx8x_internal carry bug on x86_64There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 102m and 110 before 110g No EC algorithms are affected Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely Attacks agai ...

OpenSSL 102 (starting from version 102b) introduced an "error state" mechanism The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_ ...

SecurityCenter leverages third-party software to help provide underlying functionality One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL to address the potentia ...

Oracle whips out the swatter, squishes 254 security bugs in its gear

The Register • Shaun Nichols in San Francisco • 19 Apr 2018

Java fixes lobbed out, Spectre Solaris patches issued Flash! Ah-ahhh! WebEx pwned for all of us!

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products. Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3. Java was on the receivi...

Get Started

CVE-2017-3737

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect