CVE-2017-3737
Vulnerability from cvelistv5
Published
2017-12-07 16:00
Modified
2024-09-17 03:53
Severity ?
EPSS score ?
22.90% (0.95424)
Summary
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
References
openssl-security@openssl.orghttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
openssl-security@openssl.orghttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
openssl-security@openssl.orghttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
openssl-security@openssl.orghttp://www.securityfocus.com/bid/102103Third Party Advisory, VDB Entry
openssl-security@openssl.orghttp://www.securitytracker.com/id/1039978Third Party Advisory, VDB Entry
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2018:0998
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2018:2185
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2018:2186
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2018:2187
openssl-security@openssl.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
openssl-security@openssl.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.ascThird Party Advisory
openssl-security@openssl.orghttps://security.gentoo.org/glsa/201712-03Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20171208-0001/Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20180117-0002/
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20180419-0002/
openssl-security@openssl.orghttps://www.debian.org/security/2017/dsa-4065Third Party Advisory
openssl-security@openssl.orghttps://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20171207.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2017-16
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102103Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039978Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0998
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2185
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2186
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2187
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201712-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171208-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180117-0002/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180419-0002/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4065Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20171207.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2017-16
Impacted products
Vendor Product Version
OpenSSL Software Foundation OpenSSL Version: 1.0.2b-1.0.2m
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:40.599Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2018:2185",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2185",
               },
               {
                  name: "RHSA-2018:2186",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2186",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180419-0002/",
               },
               {
                  name: "FreeBSD-SA-17:12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FREEBSD",
                     "x_transferred",
                  ],
                  url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc",
               },
               {
                  name: "GLSA-201712-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201712-03",
               },
               {
                  name: "1039978",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039978",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20171207.txt",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/",
               },
               {
                  name: "RHSA-2018:0998",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:0998",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "DSA-4065",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2017/dsa-4065",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf",
               },
               {
                  name: "102103",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102103",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/tns-2017-16",
               },
               {
                  name: "RHSA-2018:2187",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2187",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180117-0002/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20171208-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenSSL",
               vendor: "OpenSSL Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.2b-1.0.2m",
                  },
               ],
            },
         ],
         datePublic: "2017-12-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Unauthenticated read/unencrypted write",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-07-23T22:31:33",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "RHSA-2018:2185",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2185",
            },
            {
               name: "RHSA-2018:2186",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2186",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180419-0002/",
            },
            {
               name: "FreeBSD-SA-17:12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
               ],
               url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc",
            },
            {
               name: "GLSA-201712-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201712-03",
            },
            {
               name: "1039978",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039978",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.openssl.org/news/secadv/20171207.txt",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/",
            },
            {
               name: "RHSA-2018:0998",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:0998",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "DSA-4065",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2017/dsa-4065",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf",
            },
            {
               name: "102103",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102103",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tenable.com/security/tns-2017-16",
            },
            {
               name: "RHSA-2018:2187",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2187",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180117-0002/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20171208-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "openssl-security@openssl.org",
               DATE_PUBLIC: "2017-12-07T00:00:00",
               ID: "CVE-2017-3737",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "OpenSSL",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.2b-1.0.2m",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "OpenSSL Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Unauthenticated read/unencrypted write",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2018:2185",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2185",
                  },
                  {
                     name: "RHSA-2018:2186",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2186",
                  },
                  {
                     name: "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
                     refsource: "CONFIRM",
                     url: "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180419-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180419-0002/",
                  },
                  {
                     name: "FreeBSD-SA-17:12",
                     refsource: "FREEBSD",
                     url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc",
                  },
                  {
                     name: "GLSA-201712-03",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201712-03",
                  },
                  {
                     name: "1039978",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039978",
                  },
                  {
                     name: "https://www.openssl.org/news/secadv/20171207.txt",
                     refsource: "CONFIRM",
                     url: "https://www.openssl.org/news/secadv/20171207.txt",
                  },
                  {
                     name: "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/",
                     refsource: "MISC",
                     url: "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/",
                  },
                  {
                     name: "RHSA-2018:0998",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:0998",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "DSA-4065",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2017/dsa-4065",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf",
                  },
                  {
                     name: "102103",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102103",
                  },
                  {
                     name: "https://www.tenable.com/security/tns-2017-16",
                     refsource: "CONFIRM",
                     url: "https://www.tenable.com/security/tns-2017-16",
                  },
                  {
                     name: "RHSA-2018:2187",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2187",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180117-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180117-0002/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20171208-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20171208-0001/",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2017-3737",
      datePublished: "2017-12-07T16:00:00Z",
      dateReserved: "2016-12-16T00:00:00",
      dateUpdated: "2024-09-17T03:53:31.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2017-3737\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2017-12-07T16:29:00.193\",\"lastModified\":\"2024-11-21T03:26:02.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\\"error state\\\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.\"},{\"lang\":\"es\",\"value\":\"OpenSSL 1.0.2 (comenzando desde la versión 1.0.2b) introdujo un mecanismo de \\\"error state\\\" (estado de error). La intención era que, si ocurría un error fatal durante una negociación, OpenSSL entraría en el estado de error y fallaría automáticamente si se intentase continuar la negociación. Esto funciona tal y como se ha diseñado para las funciones de negociación explícitas (SSL_do_handshake(), SSL_accept() y SSL_connect()); sin embargo, debido a un error, no funciona correctamente si se llama directamente a SSL_read() o a SSL_write(). En ese caso, si la negociación fracasa, se devolverá un error fatal en la llamada de función inicial. Si, posteriormente, la aplicación llama a SSL_read()/SSL_write() para el mismo objeto SSL, tendrá éxito y los datos se pasarán sin cifrarse/descifrarse directamente desde la capa de registro SSL/TLS. Para explotar esta vulnerabilidad, debería existir un error de aplicación que resulte en una llamada a SSL_read()/SSL_write() que se realiza una vez ya se ha recibido un error fatal. Las versiones 1.0.2b-1.0.2m de OpenSSL se han visto afectadas. Se ha solucionado en OpenSSL 1.0.2n. OpenSSL 1.1.0 no se ha visto afectada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C986592-4086-4A39-9767-EF34DBAA6A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D9EC1C-4843-4026-9B05-E060E9391734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036FB24F-7D86-4730-8BC9-722875BEC807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDF148A3-1AA7-4F27-85AB-414C609C626F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E15B749E-6808-4788-AE42-7A1587D8697E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F80C8D-BCA2-40AD-BD22-B70C7BE1B298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B78EDF-6BB7-42C4-9423-9332C62C6E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2354F82-A01B-43D2-84F4-4E94B258E091\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.securityfocus.com/bid/102103\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039978\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0998\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2185\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2186\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2187\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201712-03\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171208-0001/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180117-0002/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180419-0002/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4065\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20171207.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2017-16\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/102103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201712-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171208-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180117-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180419-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2017/dsa-4065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20171207.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2017-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.