CVE-2017-3731

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-3731
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3731.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-3731
Downstream
Related
Published
2017-05-04T19:29:00Z
Modified
2025-10-18T08:49:28.315017Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
6dc12b1042d5d4727f77e8a1c5758dab91400069
Fixed
79f015aa49f29185aadeb29cd5c06843745f72e2

Affected versions

v4.*

v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
00d965474b22b54e4275232bc71ee0c699c5cd21

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_0a
OpenSSL_1_1_0b
OpenSSL_1_1_0c
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-3731-1941b72b",
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
        "signature_type": "Function",
        "target": {
            "function": "aes_ccm_ctrl",
            "file": "crypto/evp/e_aes.c"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "221735333621247249205544300326653651031",
            "length": 1781.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2017-3731-41add88c",
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
        "signature_type": "Line",
        "target": {
            "file": "crypto/evp/e_aes.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "258332393461523318300772418283316247240",
                "139455449470853885843312740408088404667",
                "299560138836707757772546515239509527055",
                "196819153725239350090704975974326428859",
                "107191961654897997411654721196022093301",
                "15996322021237148727573568799963605600",
                "57798510971080246332159561077791581992",
                "151878145502330302568752946372148960554",
                "147327775481107408714039356309321399255",
                "21217088637283268914316745231029260860",
                "33610301170652250267779137292753224093",
                "199725929091931850549957399955877992477"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2017-3731-9e5d08af",
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
        "signature_type": "Function",
        "target": {
            "function": "chacha20_poly1305_ctrl",
            "file": "crypto/evp/e_chacha20_poly1305.c"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "190075725278115512198961705506710166462",
            "length": 2576.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2017-3731-d1cf9f8d",
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
        "signature_type": "Line",
        "target": {
            "file": "crypto/evp/e_chacha20_poly1305.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "249268130122618982221397096100961611788",
                "49308803901569287939821745393558810880",
                "102123395012805653234972220826876345324",
                "287229816695624475669447046210770439239",
                "163478244482245408513206232913317490644",
                "338244759701655409950710234690089770936",
                "95801878201965267387487323207020864476"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2017-3731-f46e33f4",
        "source": "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21",
        "signature_type": "Function",
        "target": {
            "function": "aes_gcm_ctrl",
            "file": "crypto/evp/e_aes.c"
        },
        "signature_version": "v1",
        "digest": {
            "function_hash": "263680761763399615688609265863755459005",
            "length": 2923.0
        },
        "deprecated": false
    }
]