High severity7.5NVD Advisory· Published May 4, 2017· Updated May 13, 2026

CVE-2017-3730

Description

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Affected products

OpenSSL Project/OpenSSL5 versions
cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
- (no CPE)range: openssl-1.1.0
Oracle Corporation/Agile Engineering Data Management2 versions
cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:*
Oracle Corporation/Communications Application Session Controller2 versions
cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
Oracle Corporation/Communications Eagle Lnp Application Processor3 versions
cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*
Oracle Corporation/Communications Operations Monitor2 versions
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*
Oracle Corporation/Jd Edwards Enterpriseone Tools
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
Oracle Corporation/Jd Edwards World Security4 versions
cpe:2.3:a:oracle:jd_edwards_world_security:a9.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvdPatch
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdPatch
github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaanvdPatchThird Party Advisory
www.openssl.org/news/secadv/20170126.txtnvdPatchVendor Advisory
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatch
www.exploit-db.com/exploits/41192/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/95812nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037717nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201702-07nvdThird Party Advisory
support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.042
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000