CVE-2017-3730
Bad (EC)DHE parameters cause a client crash
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
Affected products
OpenSSL · OpenSSL
Public PoCs found — 3
github: github.com/olivierh59500/CVE-2017-3730 (★ 0)
cve_reference: www.exploit-db.com/exploits/41192/ (unverified)
exploitdb: www.exploit-db.com/exploits/41192 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa
https://security.gentoo.org/glsa/201702-07
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us
https://www.exploit-db.com/exploits/41192/
https://www.openssl.org/news/secadv/20170126.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/95812
http://www.securitytracker.com/id/1037717