CVE-2017-3731

Name: CVE-2017-3731
Creator: NVD / NIST
Published: 2017-05-04T19:29:00.353+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 57.59%

Last modified Jun 17, 2026

CVE-2017-3731 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. EPSS estimates a 57.59% chance of exploitation in the next 30 days.

Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

57.59%

99.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Openssl	Openssl	1.1.0a
Openssl	Openssl	1.1.0b
Openssl	Openssl	1.1.0c
Openssl	Openssl	1.0.2
Openssl	Openssl	1.0.2a
Openssl	Openssl	1.0.2b
Openssl	Openssl	1.0.2c
Openssl	Openssl	1.0.2d
Openssl	Openssl	1.0.2e
Openssl	Openssl	1.0.2f
Openssl	Openssl	1.0.2h
Openssl	Openssl	1.0.2i
Openssl	Openssl	1.0.2j
Nodejs	Node.Js	>= 4.0.0, <= 4.1.2
Nodejs	Node.Js	>= 4.2.0, < 4.7.3
Nodejs	Node.Js	>= 5.0.0, <= 5.12.0
Nodejs	Node.Js	>= 6.0.0, <= 6.8.1
Nodejs	Node.Js	>= 6.9.0, < 6.9.5
Nodejs	Node.Js	>= 7.0.0, < 7.5.0

References

http://rhn.redhat.com/errata/RHSA-2017-0286.htmlThird Party Advisory
http://www.debian.org/security/2017/dsa-3773Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/95813Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037717Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:2185Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2186Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2187Third Party Advisory
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.ascThird Party Advisory
https://security.gentoo.org/glsa/201702-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0002/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2017-3731Third Party Advisory
https://source.android.com/security/bulletin/pixel/2017-11-01Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_usThird Party Advisory
https://www.openssl.org/news/secadv/20170126.txtVendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
https://www.tenable.com/security/tns-2017-04Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0286.htmlThird Party Advisory
http://www.debian.org/security/2017/dsa-3773Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/95813Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037717Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:2185Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2186Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2187Third Party Advisory
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.ascThird Party Advisory
https://security.gentoo.org/glsa/201702-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0002/Third Party Advisory
https://security.paloaltonetworks.com/CVE-2017-3731Third Party Advisory
https://source.android.com/security/bulletin/pixel/2017-11-01Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_usThird Party Advisory
https://www.openssl.org/news/secadv/20170126.txtVendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
https://www.tenable.com/security/tns-2017-04Third Party Advisory

Timeline

Published: May 4, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-3731?

How severe is CVE-2017-3731?

CVE-2017-3731 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 57.59% probability of exploitation in the next 30 days.

How do I fix CVE-2017-3731?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-3731?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST