Vulnerability Description
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 1.0.2b |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.securityfocus.com/bid/102103Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039978Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0998
- https://access.redhat.com/errata/RHSA-2018:2185
- https://access.redhat.com/errata/RHSA-2018:2186
- https://access.redhat.com/errata/RHSA-2018:2187
- https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
- https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.ascThird Party Advisory
- https://security.gentoo.org/glsa/201712-03Third Party Advisory
- https://security.netapp.com/advisory/ntap-20171208-0001/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20180117-0002/
FAQ
What is CVE-2017-3737?
CVE-2017-3737 is a vulnerability with a CVSS score of 5.9 (MEDIUM). OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and wo...
How severe is CVE-2017-3737?
CVE-2017-3737 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3737?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Debian Debian Linux.