Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-3730

Опубликовано: 26 янв. 2017
Источник: redhat
CVSS3: 5.9

Описание

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensslNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6opensslNot affected
Red Hat Enterprise Linux 6openssl098eNot affected
Red Hat Enterprise Linux 7opensslNot affected
Red Hat Enterprise Linux 7openssl098eNot affected
Red Hat Enterprise Linux 7OVMFNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected
Red Hat JBoss Core ServicesopensslNot affected
Red Hat JBoss Enterprise Application Platform 5opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1416855openssl: Bad (EC)DHE parameters cause a client crash

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-3730

CVSS3: 7.5
ubuntu
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

nvd логотип

CVE-2017-3730

CVSS3: 7.5
nvd
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

debian логотип

CVE-2017-3730

CVSS3: 7.5
debian
почти 9 лет назад

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad par ...

github логотип

GHSA-rq64-8m54-26j4

CVSS3: 7.5
github
больше 3 лет назад

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

fstec логотип

BDU:2020-02908

CVSS3: 7.5
fstec
почти 9 лет назад

Уязвимость библиотеки OpenSSL, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

5.9 Medium

CVSS3