|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-08-30 | |
| Rule Name: | PROTOCOL-SSL Openssl Chacha20-poly1305 and RC4-MD5 Integer Underflow Vulnerability -2 (CVE-2017-3731) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | SecurityFocusBID:95813 SecurityTrackerID:1037717 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.openssl.org/news/secadv/20170126.txt |