{"containers":{"cna":{"affected":[{"product":"OpenSSL","vendor":"OpenSSL","versions":[{"status":"affected","version":"openssl-1.1.0"},{"status":"affected","version":"openssl-1.1.0a"},{"status":"affected","version":"openssl-1.1.0b"},{"status":"affected","version":"openssl-1.1.0c"}]}],"credits":[{"lang":"en","value":"Guido Vranken"}],"datePublic":"2017-01-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."}],"metrics":[{"other":{"content":{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Moderate","value":"Moderate"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"NULL pointer dereference","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-04-23T19:08:15.000Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"41192","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/41192/"},{"name":"95812","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/95812"},{"tags":["x_refsource_MISC"],"url":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1037717"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"GLSA-201702-07","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201702-07"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}],"title":"Bad (EC)DHE parameters cause a client crash","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2017-01-26","ID":"CVE-2017-3730","STATE":"PUBLIC","TITLE":"Bad (EC)DHE parameters cause a client crash"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"openssl-1.1.0"},{"version_value":"openssl-1.1.0a"},{"version_value":"openssl-1.1.0b"},{"version_value":"openssl-1.1.0c"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":"Guido Vranken"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Moderate","value":"Moderate"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"NULL pointer dereference"}]}]},"references":{"reference_data":[{"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"41192","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/41192/"},{"name":"95812","refsource":"BID","url":"http://www.securityfocus.com/bid/95812"},{"name":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa","refsource":"MISC","url":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"},{"name":"https://www.openssl.org/news/secadv/20170126.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1037717"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"GLSA-201702-07","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201702-07"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T14:39:41.041Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"41192","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/41192/"},{"name":"95812","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/95812"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1037717"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"GLSA-201702-07","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201702-07"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}]},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2017-3730","datePublished":"2017-05-04T19:00:00.000Z","dateReserved":"2016-12-16T00:00:00.000Z","dateUpdated":"2024-09-16T17:48:53.722Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}