漏洞信息详情

OpenSSL 缓冲区错误漏洞

  • CNNVD编号:CNNVD-201712-217
  • 危害等级: 中危
  • CVE编号: CVE-2017-3737
  • 漏洞类型: 缓冲区错误
  • 发布时间: 2017-12-08
  • 威胁类型: 远程
  • 更新时间: 2019-10-23
  • 厂        商: openssl
  • 漏洞来源:

漏洞简介

OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。

OpenSSL 1.0.2b版本至1.0.2版本中存在缓冲区错误漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://www.openssl.org/news/vulnerabilities.html#toc

参考网址

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20180419-0002/

来源:CONFIRM

链接:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

来源:CONFIRM

链接:https://www.openssl.org/news/secadv/20171207.txt

来源:FREEBSD

链接:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc

来源:SECTRACK

链接:http://www.securitytracker.com/id/1039978

来源:MISC

链接:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2018:2187

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2018:2186

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2018:2185

来源:CONFIRM

链接:https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc

来源:GENTOO

链接:https://security.gentoo.org/glsa/201712-03

来源:CONFIRM

链接:https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf

来源:BID

链接:https://www.securityfocus.com/bid/102103

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2018:0998

来源:DEBIAN

链接:https://www.debian.org/security/2017/dsa-4065

来源:CONFIRM

链接:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20171208-0001/

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20180117-0002/

来源:CONFIRM

链接:https://www.tenable.com/security/tns-2017-16

来源:CONFIRM

链接:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

来源:MISC

链接:https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887987

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887995

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887989

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887985

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887991

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2261/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2536/

来源:www-01.ibm.com

链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10887987

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10879093

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/78218

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/78082

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10888295

漏洞信息快速查询

相关漏洞

更多