CVE-2017-3730

HIGH

OpenSSL <1.1.0d - DoS

Description

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Exploits (3)

exploitdb WORKING POC
by Guido Vranken · cdosmultiple
https://www.exploit-db.com/exploits/41192

nomisec WORKING POC
by olivierh59500 · poc
https://github.com/olivierh59500/CVE-2017-3730

Scores

CVSS v3 7.5
EPSS 0.5292
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (22)
openssl/openssl 1.1.0
openssl/openssl 1.1.0a
openssl/openssl 1.1.0b
openssl/openssl 1.1.0c
OpenSSL/OpenSSL openssl-1.1.0
OpenSSL/OpenSSL openssl-1.1.0a
OpenSSL/OpenSSL openssl-1.1.0b
OpenSSL/OpenSSL openssl-1.1.0c
oracle/agile_engineering_data_management 6.1.3
oracle/agile_engineering_data_management 6.2.0
... and 12 more
Published May 04, 2017
Tracked Since Feb 18, 2026