If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
{ "vanir_signatures": [ { "id": "CVE-2017-3731-1941b72b", "digest": { "length": 1781.0, "function_hash": "221735333621247249205544300326653651031" }, "signature_type": "Function", "deprecated": false, "target": { "file": "crypto/evp/e_aes.c", "function": "aes_ccm_ctrl" }, "signature_version": "v1", "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" }, { "id": "CVE-2017-3731-41add88c", "digest": { "line_hashes": [ "258332393461523318300772418283316247240", "139455449470853885843312740408088404667", "299560138836707757772546515239509527055", "196819153725239350090704975974326428859", "107191961654897997411654721196022093301", "15996322021237148727573568799963605600", "57798510971080246332159561077791581992", "151878145502330302568752946372148960554", "147327775481107408714039356309321399255", "21217088637283268914316745231029260860", "33610301170652250267779137292753224093", "199725929091931850549957399955877992477" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "crypto/evp/e_aes.c" }, "signature_version": "v1", "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" }, { "id": "CVE-2017-3731-9e5d08af", "digest": { "length": 2576.0, "function_hash": "190075725278115512198961705506710166462" }, "signature_type": "Function", "deprecated": false, "target": { "file": "crypto/evp/e_chacha20_poly1305.c", "function": "chacha20_poly1305_ctrl" }, "signature_version": "v1", "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" }, { "id": "CVE-2017-3731-d1cf9f8d", "digest": { "line_hashes": [ "249268130122618982221397096100961611788", "49308803901569287939821745393558810880", "102123395012805653234972220826876345324", "287229816695624475669447046210770439239", "163478244482245408513206232913317490644", "338244759701655409950710234690089770936", "95801878201965267387487323207020864476" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "crypto/evp/e_chacha20_poly1305.c" }, "signature_version": "v1", "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" }, { "id": "CVE-2017-3731-f46e33f4", "digest": { "length": 2923.0, "function_hash": "263680761763399615688609265863755459005" }, "signature_type": "Function", "deprecated": false, "target": { "file": "crypto/evp/e_aes.c", "function": "aes_gcm_ctrl" }, "signature_version": "v1", "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21" } ] }