// For flags

CVE-2017-3737

openssl: Read/write after SSL object in error state

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 (comenzando desde la versión 1.0.2b) introdujo un mecanismo de "error state" (estado de error). La intención era que, si ocurría un error fatal durante una negociación, OpenSSL entraría en el estado de error y fallaría automáticamente si se intentase continuar la negociación. Esto funciona tal y como se ha diseñado para las funciones de negociación explícitas (SSL_do_handshake(), SSL_accept() y SSL_connect()); sin embargo, debido a un error, no funciona correctamente si se llama directamente a SSL_read() o a SSL_write(). En ese caso, si la negociación fracasa, se devolverá un error fatal en la llamada de función inicial. Si, posteriormente, la aplicación llama a SSL_read()/SSL_write() para el mismo objeto SSL, tendrá éxito y los datos se pasarán sin cifrarse/descifrarse directamente desde la capa de registro SSL/TLS. Para explotar esta vulnerabilidad, debería existir un error de aplicación que resulte en una llamada a SSL_read()/SSL_write() que se realiza una vez ya se ha recibido un error fatal. Las versiones 1.0.2b-1.0.2m de OpenSSL se han visto afectadas. Se ha solucionado en OpenSSL 1.0.2n. OpenSSL 1.1.0 no se ha visto afectada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-16 CVE Reserved
  • 2017-12-07 CVE Published
  • 2024-03-12 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
  • CWE-391: Unchecked Error Condition
  • CWE-787: Out-of-bounds Write
CAPEC
References (23)
URL Tag Source
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html X_refsource_confirm
http://www.securityfocus.com/bid/102103 Third Party Advisory
http://www.securitytracker.com/id/1039978 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf X_refsource_confirm
https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc X_refsource_confirm
https://security.netapp.com/advisory/ntap-20171208-0001 Third Party Advisory
https://security.netapp.com/advisory/ntap-20180117-0002 X_refsource_confirm
https://security.netapp.com/advisory/ntap-20180419-0002 X_refsource_confirm
https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html X_refsource_misc
https://www.tenable.com/security/tns-2017-16 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
https://access.redhat.com/errata/RHSA-2018:0998 2019-10-03
https://access.redhat.com/errata/RHSA-2018:2185 2019-10-03
https://access.redhat.com/errata/RHSA-2018:2186 2019-10-03
https://access.redhat.com/errata/RHSA-2018:2187 2019-10-03
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc 2019-10-03
https://security.gentoo.org/glsa/201712-03 2019-10-03
https://www.debian.org/security/2017/dsa-4065 2019-10-03
https://www.openssl.org/news/secadv/20171207.txt 2019-10-03
https://access.redhat.com/security/cve/CVE-2017-3737 2018-07-12
https://bugzilla.redhat.com/show_bug.cgi?id=1523504 2018-07-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2d
Search vendor "Openssl" for product "Openssl" and version "1.0.2d"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2e
Search vendor "Openssl" for product "Openssl" and version "1.0.2e"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2f
Search vendor "Openssl" for product "Openssl" and version "1.0.2f"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2g
Search vendor "Openssl" for product "Openssl" and version "1.0.2g"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2h
Search vendor "Openssl" for product "Openssl" and version "1.0.2h"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2i
Search vendor "Openssl" for product "Openssl" and version "1.0.2i"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2j
Search vendor "Openssl" for product "Openssl" and version "1.0.2j"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2k
Search vendor "Openssl" for product "Openssl" and version "1.0.2k"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2l
Search vendor "Openssl" for product "Openssl" and version "1.0.2l"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2m
Search vendor "Openssl" for product "Openssl" and version "1.0.2m"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected