CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Severity	HIGH
CVSS	7.5
CWE	CWE-125
KEV
Published	9 years ago
Modified	6 days ago

Related Products

Product	Advisory	Evidence
UCS B-Series Blade Server Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Wireless LAN Controller (WLC)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Webex Meetings	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco WebEx Meetings Server	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco WebEx Meeting Center	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Video Surveillance Media Server Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unity Connection	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unity	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unified Intelligence Center	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unified IP Phone 8945	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unified Contact Center Express	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unified Contact Center	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Unified Attendant Console	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco UCS Director	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco UCS B-Series Blade Server Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Telepresence Conductor	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco TelePresence Video Communication Server (VCS)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco TelePresence	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco SocialMiner	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Secure Email and Web Manager	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Secure Email	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Performance Manager	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Optical	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Network Registrar	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Network	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime License Manager	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Infrastructure	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime IP Express	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Data Center Network Manager (DCNM)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Collaboration Deployment	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Collaboration Assurance	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Collaboration	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Prime Access Registrar	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Nexus 3000 Series Switch	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Nexus 1000V InterCloud for VMware	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Network Analysis Module (NAM) Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Mobility Services Engine	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco MediaSense	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco MATE Live	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco MATE Design	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco MATE Collector	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Jabber for Windows	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Jabber for Mac	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Jabber Software Development Kit	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Jabber Guest	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Jabber	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Identity Services Engine Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IP phone	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IP Phone 8800 Series Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IP Phone 7800 Series	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IOS XR Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IOS XE Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco IOS	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Hosted Collaboration Mediation Fulfillment	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Firepower System Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Finesse	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Expressway	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Emergency Responder	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Email Security Appliance (ESA)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Digital Media Player Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Content Security Management Appliance (SMA)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Connected Grid Network Management System (CG-NMS)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Application Policy Infrastructure Controller (APIC)	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Agent Desktop	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco ATA 187 Analog Telephone Adaptor	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco ASR 5000 Series Software	cisco-sa-20170130-openssl	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	cisco-sa-20170130-openssl	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	cisco-sa-20170130-openssl	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	cisco-sa-20170130-openssl	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	cisco-sa-20170130-openssl	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	cisco-sa-20170130-openssl	Cisco OpenVuln · software-dependent