OpenSSL Vulnerability Fixed in Version 1.0.2m

Submitted on 2. November 2017 - 17:28 by rischi.
Last update on 2. November 2017 - 22:12.

IDs:

CVE-2017-3736, CVE-2017-3735

Keywords:

OpenSSL

Description:

OpenSSL released a security advisory on November 2, 2017, describing two vulnerabilities fixed in the newest releases [1].

Airlock WAF is not affected

Details:

CVE-2017-3736: Carry propagating bugs in a squaring and multiplication function. The vulnerability is very similar to CVE-2017-3732 and CVE-2015-3193 [2]. Exploiting the vulnerabilities is very difficult in general and even impossible in the context of Airlock WAF.

CVE-2017-3735: One-byte buffer overread vulnerability related to X.509 certificate processing. The criticality for Airlock WAF is negligible.

Resolution:

No action required.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Does not affect back-end behind Airlock

Reference:

[1] OpenSSL Security Advisory [02 Nov 2017]

[2] TZ article "OpenSSL Vulnerability Fixed in Version 1.0.2k"

Main menu

Navigation

User menu

You are here

OpenSSL Vulnerability Fixed in Version 1.0.2m

Main menu

Search form

Navigation

User menu

You are here

OpenSSL Vulnerability Fixed in Version 1.0.2m