CVE-2017-3731

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-3731
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3731.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-3731
Downstream
Related
Published
2017-05-04T19:29:00.353Z
Modified
2026-03-15T22:16:54.338300Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
f9f837885343a2a3f5ba2b8c510eaac395c8c865
Last affected
85df6ada477715020dbd22e2fb5e687d84d663ff
Introduced
6dc12b1042d5d4727f77e8a1c5758dab91400069
Fixed
79f015aa49f29185aadeb29cd5c06843745f72e2
Introduced
384e6c2dfe968002800bc3d3224a57aa19ffdfee
Last affected
325e1194ce111d43b31dfdf2e2944a73411276d9
Introduced
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Last affected
c6a397bce63fc026421e1515b98eec9b8b5a8468
Introduced
6b1c40be84fbe5ea404f25e4e340a0c1fe67a60a
Fixed
37a8051594719584ed35e88e4862dc5540427beb
Introduced
362fe010fe8f6feb0030e1e02c689b501e11ddb7
Fixed
a34f1d644905b1989bebfb8658220b2a692a1589
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.7.3"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "last_affected": "5.12.0"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.8.1"
        },
        {
            "introduced": "6.9.0"
        },
        {
            "fixed": "6.9.5"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.5.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea5bd2b52d0e81eaef3d109b3b12545306f201c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea5bd2b52d0e81eaef3d109b3b12545306f201c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ea5bd2b52d0e81eaef3d109b3b12545306f201c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
94f416601754dbe65e287f8e1eca01fa32f74a7a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f63ad1c6daa61614f3d58de0889bf68e9f75853
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2c5db8dac3a06fe5b2c889838a606138ee3542ed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e818b74be2170fbe957a07b0da4401c2b694b3b8
Fixed
00d965474b22b54e4275232bc71ee0c699c5cd21
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0a"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0b"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0c"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2-beta2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2-beta3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2a"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2b"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2c"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2d"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2e"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2f"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2h"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2i"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.2j"
        }
    ]
}

Affected versions

Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_0_0
OpenSSL_1_0_0-beta1
OpenSSL_1_0_0-beta2
OpenSSL_1_0_0-beta3
OpenSSL_1_0_0-beta4
OpenSSL_1_0_0-beta5
OpenSSL_1_0_0a
OpenSSL_1_0_1
OpenSSL_1_0_1-beta1
OpenSSL_1_0_1-beta2
OpenSSL_1_0_1-beta3
OpenSSL_1_0_2
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3
OpenSSL_1_0_2-post-auto-reformat
OpenSSL_1_0_2-post-reformat
OpenSSL_1_0_2-pre-auto-reformat
OpenSSL_1_0_2-pre-reformat
OpenSSL_1_0_2a
OpenSSL_1_0_2b
OpenSSL_1_0_2c
OpenSSL_1_0_2d
OpenSSL_1_0_2e
OpenSSL_1_0_2f
OpenSSL_1_0_2g
OpenSSL_1_0_2h
OpenSSL_1_0_2i
OpenSSL_1_0_2j
OpenSSL_1_0_2k
OpenSSL_1_0_2l
OpenSSL_1_0_2m
OpenSSL_1_0_2n
OpenSSL_1_0_2o
OpenSSL_1_0_2p
OpenSSL_1_0_2q
OpenSSL_1_0_2r
OpenSSL_1_0_2s
OpenSSL_1_0_2t
OpenSSL_1_0_2u
OpenSSL_1_1_0
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_0a
OpenSSL_1_1_0b
OpenSSL_1_1_0c
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v5.*
v5.0.0
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.1
v5.12.0
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.9.0
v5.9.1
v6.*
v6.0.0
v6.1.0
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4

Database specific

vanir_signatures 
[
    {
        "digest": {
            "length": 1781.0,
            "function_hash": "221735333621247249205544300326653651031"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-3731-1941b72b",
        "target": {
            "function": "aes_ccm_ctrl",
            "file": "crypto/evp/e_aes.c"
        },
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "258332393461523318300772418283316247240",
                "139455449470853885843312740408088404667",
                "299560138836707757772546515239509527055",
                "196819153725239350090704975974326428859",
                "107191961654897997411654721196022093301",
                "15996322021237148727573568799963605600",
                "57798510971080246332159561077791581992",
                "151878145502330302568752946372148960554",
                "147327775481107408714039356309321399255",
                "21217088637283268914316745231029260860",
                "33610301170652250267779137292753224093",
                "199725929091931850549957399955877992477"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-3731-41add88c",
        "target": {
            "file": "crypto/evp/e_aes.c"
        },
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
    },
    {
        "digest": {
            "length": 2576.0,
            "function_hash": "190075725278115512198961705506710166462"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-3731-9e5d08af",
        "target": {
            "function": "chacha20_poly1305_ctrl",
            "file": "crypto/evp/e_chacha20_poly1305.c"
        },
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "249268130122618982221397096100961611788",
                "49308803901569287939821745393558810880",
                "102123395012805653234972220826876345324",
                "287229816695624475669447046210770439239",
                "163478244482245408513206232913317490644",
                "338244759701655409950710234690089770936",
                "95801878201965267387487323207020864476"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2017-3731-d1cf9f8d",
        "target": {
            "file": "crypto/evp/e_chacha20_poly1305.c"
        },
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
    },
    {
        "digest": {
            "length": 2923.0,
            "function_hash": "263680761763399615688609265863755459005"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2017-3731-f46e33f4",
        "target": {
            "function": "aes_gcm_ctrl",
            "file": "crypto/evp/e_aes.c"
        },
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3731.json"