← Back

CVE-2017-3730

nvd nist
Published: May 4, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Affected (18)

Openssl
1 product
Openssl
Oracle
6 products
Agile Engineering Data Management
Communications Application Session Controller
Communications Eagle Lnp Application Processor
Communications Operations Monitor
Jd Edwards Enterpriseone Tools
Jd Edwards World Security
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Openssl
Openssl
Version 1.1.0
Openssl
Version 1.1.0a
Openssl
Version 1.1.0b
Openssl
Version 1.1.0c
Configuration B
14 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Agile Engineering Data Management
Version 6.1.3
Agile Engineering Data Management
Version 6.2.0
Oracle
Communications Application Session Controller
Version 3.7.1
Communications Application Session Controller
Version 3.8.0
Oracle
Communications Eagle Lnp Application Processor
Version 10.0
Communications Eagle Lnp Application Processor
Version 10.1
Communications Eagle Lnp Application Processor
Version 10.2
Oracle
Communications Operations Monitor
Version 3.4
Communications Operations Monitor
Version 4.0
Jd Edwards Enterpriseone Tools
Version 9.2
Oracle
Jd Edwards World Security
Version a9.1
Jd Edwards World Security
Version a9.2
Jd Edwards World Security
Version a9.3
Jd Edwards World Security
Version a9.4

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (20)

Source: openssl-security@openssl.org
Patch
Source: openssl-security@openssl.org
Patch
Source: openssl-security@openssl.org
Broken LinkThird Party AdvisoryVDB Entry
Source: openssl-security@openssl.org
Third Party AdvisoryVDB Entry
Source: openssl-security@openssl.org
PatchThird Party Advisory
Source: openssl-security@openssl.org
Third Party Advisory
Source: openssl-security@openssl.org
Third Party Advisory
Source: openssl-security@openssl.org
ExploitThird Party AdvisoryVDB Entry
Source: openssl-security@openssl.org
PatchVendor Advisory
Source: openssl-security@openssl.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.