OpenSSL CVE-2017-3731 Out of Bounds Read Vulnerability

Description

Severity: Moderate

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.

For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d.

For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team.
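The three conditions in the description (unpatched branch, 32-bit host, trigger cipher enabled) can be checked per host from `openssl version` and `openssl ciphers` output. The following triage script is an added example, not part of the original advisory or of OpenSSL; the function names, the result labels and the mapping of the advisory's cipher names to OpenSSL suite-name substrings are assumptions.

```python
import re
import struct

# Fixed release letter per branch, as named in the advisory.
FIXED = {"1.1.0": "d", "1.0.2": "k"}
# Assumption: the advisory's cipher names mapped to substrings of OpenSSL suite names.
TRIGGER = {"1.1.0": "CHACHA20-POLY1305", "1.0.2": "RC4-MD5"}
_VERSION = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Split '1.0.2j' or 'OpenSSL 1.0.2j  26 Sep 2016' into ('1.0.2', 'j')."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError("no OpenSSL version in %r" % text)
    return match.group(1), match.group(2)


def is_patched(branch, letters):
    """Letter releases sort by length, then alphabetically: '' < 'a' < 'z' < 'za'."""
    fixed = FIXED[branch]
    return (len(letters), letters) >= (len(fixed), fixed)


def triage(version_text, pointer_bits, enabled_ciphers):
    """Classify one host against the three conditions the advisory states."""
    branch, letters = parse_version(version_text)
    if branch not in FIXED:
        return "not-covered"  # the advisory text names only 1.1.0 and 1.0.2
    if is_patched(branch, letters):
        return "patched"
    if pointer_bits != 32:
        return "unpatched-not-32bit"
    if any(TRIGGER[branch] in name.upper() for name in enabled_ciphers):
        return "exposed"
    return "unpatched-cipher-disabled"


if __name__ == "__main__":
    # Constructed inventory: (`openssl version` line, pointer width, `openssl ciphers` output).
    inventory = [
        ("OpenSSL 1.0.2j  26 Sep 2016", 32, "AES128-SHA:RC4-MD5"),
        ("OpenSSL 1.1.0c  10 Nov 2016", 64, "ECDHE-RSA-CHACHA20-POLY1305"),
        ("OpenSSL 1.0.2k  26 Jan 2017", 32, "AES128-SHA:RC4-MD5"),
    ]
    for version, bits, ciphers in inventory:
        print(version, "->", triage(version, bits, ciphers.split(":")))
    # Pointer width of the interpreter running this script, for a local check.
    print("local pointer width:", struct.calcsize("P") * 8)
```

Distribution packages often backport fixes without changing the upstream version letter, so an "exposed" result from a version string should be confirmed against the package changelog.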

Affected Applications

OpenSSL

CVE References

CVE-2017-3731