CVE-2017-3731

Priority
Description
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or
client to perform an out-of-bounds read, usually resulting in a crash. For
OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be
triggered when using RC4-MD5; users who have not disabled that algorithm
should update to 1.0.2k.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:DNE
Ubuntu 14.04 ESM:DNE (trusty was needs-triage)
Patches:
More Information

Updated: 2022-04-13 12:59:18 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)