CVE-2017-3730

HIGH

OpenSSL 1.1.0 - Denial of Service via NULL Pointer Dereference in DHE/ECDHE Key Exchange

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-3730. PoCs published by Guido Vranken, olivierh59500.

Description

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

Exploits (2)

exploitdb WORKING POC
by Guido Vranken · c · dos · multiple
https://www.exploit-db.com/exploits/41192

This PoC exploits CVE-2017-3730, a DoS vulnerability in OpenSSL 1.1.0, by forcing a specific cipher suite during TLS handshake, causing a crash in servers like Postfix. It sets up a malicious SSL server to trigger the flaw when a client connects.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: OpenSSL 1.1.0 (and applications using it, e.g., Postfix)
No auth needed
Prerequisites: Network access to target · Target using vulnerable OpenSSL 1.1.0
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by olivierh59500 · poc
https://github.com/olivierh59500/CVE-2017-3730

This repository contains a proof-of-concept exploit for CVE-2017-3730, an OpenSSL vulnerability related to invalid DH parameters. The exploit demonstrates crashing OpenSSL 1.1.0 clients and Postfix by serving malformed DH parameters during TLS handshakes.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: OpenSSL 1.1.0, Postfix with OpenSSL 1.1.0
No auth needed
Prerequisites: OpenSSL 1.1.0 client or Postfix compiled with OpenSSL 1.1.0 · Modified mbed TLS server with patched DH parameters · Network access to target
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
https://www.exploit-db.com/exploits/41192/ (Exploit, Third Party Advisory, VDB Entry; exploit, x_refsource_exploit-db)
http://www.securityfocus.com/bid/95812 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
https://www.openssl.org/news/secadv/20170126.txt (Patch, Vendor Advisory; x_refsource_confirm)
http://www.securitytracker.com/id/1037717 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_sectrack)
https://security.gentoo.org/glsa/201702-07 (Third Party Advisory; vendor-advisory, x_refsource_gentoo)

Scores

CVSS v3: 7.5
EPSS: 0.5922
EPSS Percentile: 98.3%
Attack Vector: NETWORK
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-476
Status: published
Products (22):
openssl/openssl 1.1.0
openssl/openssl 1.1.0a
openssl/openssl 1.1.0b
openssl/openssl 1.1.0c
OpenSSL/OpenSSL openssl-1.1.0
OpenSSL/OpenSSL openssl-1.1.0a
OpenSSL/OpenSSL openssl-1.1.0b
OpenSSL/OpenSSL openssl-1.1.0c
oracle/agile_engineering_data_management 6.1.3
oracle/agile_engineering_data_management 6.2.0
... and 12 more
Published: May 04, 2017
Tracked Since: Feb 18, 2026