Rule General Information |
---|
Release Date: | 2017-08-30 | |
Rule Name: | PROTOCOL-SSL Openssl Chacha20-poly1305 and RC4-MD5 Integer Underflow Vulnerability -1 (CVE-2017-3731) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | |
Impact: | An attacker who successfully exploits the vulnerability can cause a denial of service. | |
Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
Reference: | SecurityFocus BID: 95813, SecurityTracker ID: 1037717 | |
Solutions |
---|
More advisories have been published on the website; visit the following page for more suggestions: http://www.openssl.org/news/secadv/20170126.txt |