Candidate: CVE-2017-3730
PublicDate: 2017-05-04 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730
 https://www.openssl.org/news/secadv/20170126.txt
Description:
 In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad
 parameters for a DHE or ECDHE key exchange then this can result in the
 client attempting to dereference a NULL pointer leading to a client crash.
 This could be exploited in a Denial of Service attack.
Ubuntu-Description:
Notes:
 mdeslaur> 1.1.0 only
Bugs:
Priority: medium
Discovered-by: Guido Vranken
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_openssl:
upstream_openssl: needs-triage
precise_openssl: not-affected
trusty_openssl: not-affected
trusty/esm_openssl: not-affected
vivid/ubuntu-core_openssl: not-affected
vivid/stable-phone-overlay_openssl: not-affected
xenial_openssl: not-affected
esm-infra/xenial_openssl: not-affected
yakkety_openssl: not-affected
devel_openssl: not-affected

Patches_openssl098:
upstream_openssl098: needs-triage
precise_openssl098: not-affected
trusty_openssl098: not-affected
trusty/esm_openssl098: DNE (trusty was not-affected)
vivid/ubuntu-core_openssl098: DNE
vivid/stable-phone-overlay_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
devel_openssl098: DNE