OpenSSL CVE-2017-3730 Denial of Service Vulnerability

Description

Severity: Moderate

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0d.

This issue does not affect OpenSSL version 1.0.2.

Note that this issue was fixed prior to it being recognised as a security concern. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3.

This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
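The version guidance above can be turned into a triage check over `openssl version` banners. The following is an added example, not part of the advisory or of OpenSSL; the function names, status labels and sample banners are assumptions made for illustration.

```python
import re
import ssl

# Matches banners such as "OpenSSL 1.1.0c" (as printed by `openssl version`).
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-\w+)?")

# First fixed 1.1.0 release per the advisory: 1.1.0d.
_FIXED_LETTER = "d"


def _letter_key(letter):
    # OpenSSL patch letters run a..z and then za, zb, ...; sort by length first.
    return (len(letter), letter)


def classify(banner):
    """Return 'vulnerable', 'fixed', 'not_affected', 'not_listed' or 'unknown'."""
    m = _BANNER.search(banner)
    if m is None:
        return "unknown"            # other TLS libraries or unparseable text
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letter, suffix = m.group(4), m.group(5)
    if branch == (1, 0, 2):
        return "not_affected"       # stated explicitly by the advisory
    if branch != (1, 1, 0):
        return "not_listed"         # the advisory says nothing about this branch
    if suffix:
        return "unknown"            # -pre/-dev builds are not covered by the advisory
    if _letter_key(letter) >= _letter_key(_FIXED_LETTER):
        return "fixed"
    return "vulnerable"             # 1.1.0 up to, but not including, 1.1.0d


def python_runtime_status():
    """Classify the OpenSSL build this Python interpreter is linked against."""
    return classify(ssl.OPENSSL_VERSION)


# Constructed sample banners, not taken from any real host.
SAMPLES = ["OpenSSL 1.1.0", "OpenSSL 1.1.0c", "OpenSSL 1.1.0d", "OpenSSL 1.1.0l",
           "OpenSSL 1.0.2k-fips", "OpenSSL 1.1.0-pre6", "OpenSSL 3.0.2", "LibreSSL 2.8.3"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:22} {classify(s)}")
    print("this interpreter:", ssl.OPENSSL_VERSION, "->", python_runtime_status())
```

A banner check is triage only: distribution packages can carry a backported fix without changing the upstream version string, so confirm a "vulnerable" result against the vendor's own advisory for that package.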

Affected Applications

OpenSSL

CVE References

CVE-2017-3730