CVE-2017-3737
- Source
- https://cve.org/CVERecord?id=CVE-2017-3737
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3737.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-3737
- Downstream
- Related
- Published
- 2017-12-07T16:29:00.193Z
- Modified
- 2026-04-11T04:14:32.909092Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSLdohandshake(), SSLaccept() and SSLconnect()), however due to a bug it does not work correctly if SSLread() or SSLwrite() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSLread()/SSLwrite() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread()/SSLwrite() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
- References
-
- https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
- https://www.tenable.com/security/tns-2017-16
- http://www.securityfocus.com/bid/102103
- http://www.securitytracker.com/id/1039978
- https://security.gentoo.org/glsa/201712-03
- https://security.netapp.com/advisory/ntap-20171208-0001/
- https://www.debian.org/security/2017/dsa-4065
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://www.openssl.org/news/secadv/20171207.txt
- https://access.redhat.com/errata/RHSA-2018:2186
- https://access.redhat.com/errata/RHSA-2018:2187
- https://security.netapp.com/advisory/ntap-20180419-0002/
- https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://access.redhat.com/errata/RHSA-2018:0998
- https://access.redhat.com/errata/RHSA-2018:2185
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
- https://security.netapp.com/advisory/ntap-20180117-0002/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc
Affected packages
Git / github.com/openssl/openssl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.0.2b" }, { "introduced": "0" }, { "last_affected": "1.0.2c" }, { "introduced": "0" }, { "last_affected": "1.0.2d" }, { "introduced": "0" }, { "last_affected": "1.0.2e" }, { "introduced": "0" }, { "last_affected": "1.0.2f" }, { "introduced": "0" }, { "last_affected": "1.0.2g" }, { "introduced": "0" }, { "last_affected": "1.0.2h" }, { "introduced": "0" }, { "last_affected": "1.0.2i" }, { "introduced": "0" }, { "last_affected": "1.0.2j" }, { "introduced": "0" }, { "last_affected": "1.0.2k" }, { "introduced": "0" }, { "last_affected": "1.0.2l" }, { "introduced": "0" }, { "last_affected": "1.0.2m" } ] }
Affected versions
Other
OpenSSL_1_0_2
OpenSSL_1_0_2-beta1
OpenSSL_1_0_2-beta2
OpenSSL_1_0_2-beta3
OpenSSL_1_0_2-post-auto-reformat
OpenSSL_1_0_2-post-reformat
OpenSSL_1_0_2-pre-auto-reformat
OpenSSL_1_0_2-pre-reformat
OpenSSL_1_0_2a
OpenSSL_1_0_2b
OpenSSL_1_0_2c
OpenSSL_1_0_2d
OpenSSL_1_0_2e
OpenSSL_1_0_2f
OpenSSL_1_0_2g
OpenSSL_1_0_2h
OpenSSL_1_0_2i
OpenSSL_1_0_2j
OpenSSL_1_0_2k
OpenSSL_1_0_2l
OpenSSL_1_0_2m
OpenSSL_1_0_2n
OpenSSL_1_0_2o
OpenSSL_1_0_2p
OpenSSL_1_0_2q
OpenSSL_1_0_2r
OpenSSL_1_0_2s
OpenSSL_1_0_2t
OpenSSL_1_0_2u
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]
vanir_signatures_modified
"2026-04-11T04:14:32Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "ssl/ssl.h"
},
"id": "CVE-2017-3737-cb1c25d5",
"signature_type": "Line",
"source": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc",
"signature_version": "v1",
"digest": {
"line_hashes": [
"328360217562015334174612851757298380863",
"190491506472494106552516757670043108211",
"217573657763067835266201114262519364526",
"162502853176602452394369480837555926446"
],
"threshold": 0.9
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3737.json"