CVE-2017-3730

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0d

Description The issue is related to a null pointer dereference in the OpenSSL library. This can be exploited by a remote attacker to cause a denial of service. If a malicious server provides bad parameters for a DHE or ECDHE key exchange, the client may attempt to dereference a null pointer, leading to a client crash. This could be exploited in a denial of service attack.

Recommendations For versions 1.1.0 through 1.1.0d, update to version 1.1.0d or later to resolve the issue. As a temporary workaround, consider restricting the use of DHE or ECDHE key exchange until a patch is available.