{"containers":{"cna":{"affected":[{"product":"OpenSSL","vendor":"OpenSSL","versions":[{"status":"affected","version":"openssl-1.1.0"},{"status":"affected","version":"openssl-1.1.0a"},{"status":"affected","version":"openssl-1.1.0b"},{"status":"affected","version":"openssl-1.1.0c"},{"status":"affected","version":"openssl-1.0.2"},{"status":"affected","version":"openssl-1.0.2a"},{"status":"affected","version":"openssl-1.0.2b"},{"status":"affected","version":"openssl-1.0.2c"},{"status":"affected","version":"openssl-1.0.2d"},{"status":"affected","version":"openssl-1.0.2e"},{"status":"affected","version":"openssl-1.0.2f"},{"status":"affected","version":"openssl-1.0.2g"},{"status":"affected","version":"openssl-1.0.2h"},{"status":"affected","version":"openssl-1.0.2i"},{"status":"affected","version":"openssl-1.0.2j"}]}],"credits":[{"lang":"en","value":"Robert Święcki of Google"}],"datePublic":"2017-01-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."}],"metrics":[{"other":{"content":{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Moderate","value":"Moderate"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"out-of-bounds read","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-02-17T16:03:45.000Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"name":"RHSA-2018:2185","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2185"},{"name":"RHSA-2018:2186","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2186"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20171019-0002/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"95813","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/95813"},{"name":"RHSA-2017:0286","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html"},{"name":"FreeBSD-SA-17:02","tags":["vendor-advisory","x_refsource_FREEBSD"],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1037717"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.tenable.com/security/tns-2017-04"},{"tags":["x_refsource_CONFIRM"],"url":"https://source.android.com/security/bulletin/pixel/2017-11-01"},{"name":"GLSA-201702-07","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201702-07"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"name":"DSA-3773","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2017/dsa-3773"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"name":"RHSA-2018:2187","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2187"},{"tags":["x_refsource_MISC"],"url":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.paloaltonetworks.com/CVE-2017-3731"}],"title":"Truncated packet could crash via OOB read","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2017-01-26","ID":"CVE-2017-3731","STATE":"PUBLIC","TITLE":"Truncated packet could crash via OOB read"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"openssl-1.1.0"},{"version_value":"openssl-1.1.0a"},{"version_value":"openssl-1.1.0b"},{"version_value":"openssl-1.1.0c"},{"version_value":"openssl-1.0.2"},{"version_value":"openssl-1.0.2a"},{"version_value":"openssl-1.0.2b"},{"version_value":"openssl-1.0.2c"},{"version_value":"openssl-1.0.2d"},{"version_value":"openssl-1.0.2e"},{"version_value":"openssl-1.0.2f"},{"version_value":"openssl-1.0.2g"},{"version_value":"openssl-1.0.2h"},{"version_value":"openssl-1.0.2i"},{"version_value":"openssl-1.0.2j"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":"Robert Święcki of Google"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Moderate","value":"Moderate"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"out-of-bounds read"}]}]},"references":{"reference_data":[{"name":"RHSA-2018:2185","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2185"},{"name":"RHSA-2018:2186","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2186"},{"name":"https://security.netapp.com/advisory/ntap-20171019-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20171019-0002/"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"95813","refsource":"BID","url":"http://www.securityfocus.com/bid/95813"},{"name":"RHSA-2017:0286","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html"},{"name":"FreeBSD-SA-17:02","refsource":"FREEBSD","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"},{"name":"https://www.openssl.org/news/secadv/20170126.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1037717"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"name":"https://www.tenable.com/security/tns-2017-04","refsource":"CONFIRM","url":"https://www.tenable.com/security/tns-2017-04"},{"name":"https://source.android.com/security/bulletin/pixel/2017-11-01","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/pixel/2017-11-01"},{"name":"GLSA-201702-07","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201702-07"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"name":"DSA-3773","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3773"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"name":"RHSA-2018:2187","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:2187"},{"name":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21","refsource":"MISC","url":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"name":"https://security.paloaltonetworks.com/CVE-2017-3731","refsource":"CONFIRM","url":"https://security.paloaltonetworks.com/CVE-2017-3731"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T14:39:40.936Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2018:2185","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2185"},{"name":"RHSA-2018:2186","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2186"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20171019-0002/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"name":"95813","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/95813"},{"name":"RHSA-2017:0286","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html"},{"name":"FreeBSD-SA-17:02","tags":["vendor-advisory","x_refsource_FREEBSD","x_transferred"],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.openssl.org/news/secadv/20170126.txt"},{"name":"1037717","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1037717"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.tenable.com/security/tns-2017-04"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://source.android.com/security/bulletin/pixel/2017-11-01"},{"name":"GLSA-201702-07","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201702-07"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"name":"DSA-3773","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2017/dsa-3773"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"},{"name":"RHSA-2018:2187","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2187"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.paloaltonetworks.com/CVE-2017-3731"}]}]},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2017-3731","datePublished":"2017-05-04T19:00:00.000Z","dateReserved":"2016-12-16T00:00:00.000Z","dateUpdated":"2024-09-16T22:40:54.865Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}