OpenSSL CVE-2017-3731 Denial of Service Vulnerability

OpenSSL is prone to denial-of-service vulnerability.

An attacker may exploit this issue to crash the application, resulting in denial-of-service condition.

Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable.

Information

Bugtraq ID: 95813
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-3731

Remote: Yes
Local: No
Published: Jan 26 2017 12:00AM
Updated: Apr 21 2017 01:07PM
Credit: Robert Swiecki of Google.
Vulnerable: Ubuntu Ubuntu Linux 16.10
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Paloaltonetworks PAN-OS 6.1.0 0
Paloaltonetworks PAN-OS 7.1
Paloaltonetworks PAN-OS 7.0.14
Paloaltonetworks PAN-OS 7.0.13
Paloaltonetworks PAN-OS 7.0.12
Paloaltonetworks PAN-OS 7.0.11
Paloaltonetworks PAN-OS 7.0.10
Paloaltonetworks PAN-OS 7.0.5
Paloaltonetworks PAN-OS 7.0.4
Paloaltonetworks PAN-OS 7.0.1
Paloaltonetworks PAN-OS 7.0
Paloaltonetworks PAN-OS 8.0
Paloaltonetworks PAN-OS 7.0.9
Paloaltonetworks PAN-OS 7.0.8
Paloaltonetworks PAN-OS 7.0.7
Oracle Enterprise Linux 7
OpenSSL Project OpenSSL 1.1
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.1.0c
OpenSSL Project OpenSSL 1.1.0b
OpenSSL Project OpenSSL 1.1.0a
OpenSSL Project OpenSSL 1.0.2j
OpenSSL Project OpenSSL 1.0.2i
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a
IBM Vios 2.2.3
IBM Vios 2.2.1 4
IBM Vios 2.2
IBM Vios 2.2.4.0
IBM Vios 2.2.3.50
IBM Vios 2.2.3.4
IBM Vios 2.2.3.3
IBM Vios 2.2.3.2
IBM Vios 2.2.2.6
IBM Vios 2.2.2.5
IBM Vios 2.2.2.4
IBM Vios 2.2.2.0
IBM Vios 2.2.1.9
IBM Vios 2.2.1.8
IBM Vios 2.2.1.3
IBM Vios 2.2.1.1
IBM Vios 2.2.1.0
IBM Vios 2.2.0.13
IBM Vios 2.2.0.12
IBM Vios 2.2.0.11
IBM Vios 2.2.0.10
IBM SDK for Node.js 6.9.4.0
IBM SDK for Node.js 6.7.0.0
IBM SDK for Node.js 6.6.0.0
IBM SDK for Node.js 6.2.0.0
IBM SDK for Node.js 6.1.0.0
IBM SDK for Node.js 6.0.0.0
IBM SDK for Node.js 4.7.2.0
IBM SDK for Node.js 4.4.6.0
IBM SDK for Node.js 4.4.5.0
IBM SDK for Node.js 4.4.4.0
IBM SDK for Node.js 4.4.3.0
IBM SDK for Node.js 4.4.2.0
IBM SDK for Node.js 4.4.1.0
IBM SDK for Node.js 4.4.0.0
IBM SDK for Node.js 4.3.2.0
IBM Aix 7.2
IBM AIX 7.1
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6

Not Vulnerable: Paloaltonetworks PAN-OS 7.0.15
OpenSSL Project OpenSSL 1.1.0d
OpenSSL Project OpenSSL 1.0.2k

References:

• OpenSSL Homepage (OpenSSL)
  
• OpenSSL Security Advisory [26 Jan 2017] (OpenSSL)
  
• OpenSSL vulnerabilities (OpenSSL)
  
• OpenSSL Vulnerability (PAN-SA-2017-0012) (paloaltonetworks)
  
• Security Bulletin: Vulnerabilities in OpenSSL affect AIX CVE-2017-3731 (IBM)
  
• swg21999842: Vulnerabilities in OpenSSL affect IBM? SDK for Node.js!22 in IBM Bl (IBM)
  

Source: www.securityfocus.com