PT-2017-3944 · Mysql Server+10 · Mysql Server+11

Published

2017-01-26

·

Updated

2026-04-30

·

CVE-2017-3731

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2k OpenSSL versions 1.1.0 through 1.1.0d MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.18 and earlier
Description The issue is related to an out-of-bounds read in the OpenSSL library when using specific ciphers, such as CHACHA20/POLY1305 or RC4-MD5, on a 32-bit host. This can cause a server or client to crash when a truncated packet is received. A remote attacker could exploit this vulnerability to cause a denial of service.
Recommendations For OpenSSL version 1.1.0, update to 1.1.0d. For OpenSSL version 1.0.2, update to 1.0.2k if the RC4-MD5 algorithm has not been disabled. For MySQL Server versions 5.6.35 and earlier, and 5.7.18 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the use of vulnerable ciphers, such as CHACHA20/POLY1305 or RC4-MD5, until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2017-1092
ALT-PU-2017-1439
BDU:2020-02909
CESA-2017_0286
CVE-2017-3731
DLA-814-1
DSA-3773-1
MGASA-2017-0042
MGASA-2017-0390
OPENSUSE-SU-2017_2868-1
OPENSUSE-SU-2018_0458-1
OPENSUSE-SU-2024:11125-1
OPENSUSE-SU-2024:11126-1
OPENSUSE-SU-2024:11127-1
RHSA-2017:0286
RHSA-2017_0286
RHSA-2018:2185
RHSA-2018:2186
SUSE-FU-2022:0445-1
SUSE-SU-2017:0431-1
SUSE-SU-2017:0441-1
SUSE-SU-2017:0461-1
SUSE-SU-2017:0495-1
SUSE-SU-2017:0855-1
SUSE-SU-2017:2700-1
SUSE-SU-2018:0112-1
USN-3181-1

Affected Products

Alt Linux
Centos
Cisco Ios Xe
Cisco Wls
Freebsd
Huawei Vrp
Ibm Aix
Mysql Server
Openssl
Red Hat
Suse
Ubuntu