CVE-2017-3737 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-550	openssl-1.0	1.0.2.l-2	1.0.2.n-1	Medium	Fixed
AVG-549	lib32-openssl	1.1.0.g-1		Medium	Not affected
AVG-548	openssl	1.1.0.g-1		Medium	Not affected
AVG-480	lib32-openssl-1.0	1.0.2.l-2	1.0.2.n-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
17 Dec 2017	ASA-201712-11	AVG-480	lib32-openssl-1.0	Medium	multiple issues

References
https://www.openssl.org/news/vulnerabilities.html#2017-3737 https://www.openssl.org/news/secadv/20171207.txt https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc

Notes
Only affects version 1.0.2