CVE-2017-15896

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15896
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15896.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15896
Downstream
Related
Published
2017-12-11T21:29:00.517Z
Modified
2026-03-14T09:23:23.230728Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
f9f837885343a2a3f5ba2b8c510eaac395c8c865
Last affected
85df6ada477715020dbd22e2fb5e687d84d663ff
Introduced
6dc12b1042d5d4727f77e8a1c5758dab91400069
Fixed
e6ea634901bd4c04ca1d87f642d992831ac8fb00
Introduced
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Last affected
c6a397bce63fc026421e1515b98eec9b8b5a8468
Introduced
6b1c40be84fbe5ea404f25e4e340a0c1fe67a60a
Fixed
381f5ec383dbb164cf3edd1a9de1811cf1cfdc65
Introduced
0d8021e5a4cf0a6aa3a700a361f6d42c2894f2ba
Last affected
dc6bbb44daec5584a0fbd37f0916baeff3202dba
Introduced
f76ce0a75641991bfc235775a4747c978e0e281b
Fixed
8a44289089a08b7b19fa3c4651b5f1f5d1edd71b
Introduced
fa9990f3fb5b06fe94e294925246d2c136deb2c2
Fixed
6e5f96e11c1c84a2530a3e06c66534b55e1b1d32
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.8.7"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.8.1"
        },
        {
            "introduced": "6.9.0"
        },
        {
            "fixed": "6.12.2"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.8.1"
        },
        {
            "introduced": "8.9.0"
        },
        {
            "fixed": "8.9.3"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.2.1"
        }
    ]
}

Affected versions

v4.*
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v4.8.5
v4.8.6
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.12.0
v6.12.1
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v8.*
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15896.json"