VDB
GCVE-VVD-MAGEIA-2017-390
GCVE-VVD-MAGEIA-2017-390
Advisory Published
This update provides the virtualbox 5.1.30 maintenance release, fixing
security and other issues:
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad
parameters for a DHE or ECDHE key exchange then this can result in
the client attempting to dereference a NULL pointer leading to a
client crash. This could be exploited in a Denial of Service attack
(CVE-2017-3730).
OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds
read when using a specific cipher. By sending specially crafted truncated
packets, a remote attacker could exploit this vulnerability using
CHACHA20/POLY1305 to cause the application to crash (CVE-2017-3731).
OpenSSL could allow a remote attacker to obtain sensitive information,
caused by a propagation error in the BN_mod_exp() function. An attacker
could exploit this vulnerability to obtain information about the private
key (CVE-2017-3732).
During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa)
then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on
ciphersuite). Both clients and servers are affected (CVE-2017-3733)
A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and deny service
(CVE-2017-10392, CVE-2017-10407, CVE-2017-10408).
A local user can exploit a flaw in the Oracle VM VirtualBox Core component
to partially access data, partially modify data, and partially deny service
(CVE-2017-10428).
For other fixes in this update see the referenced changelog.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kmod-virtualbox | 0 (affected), 5.1.30-1.mga5 (unaffected) | — |
| Mageia | kmod-vboxadditions | 0 (affected), 5.1.30-1.mga5 (unaffected) | — |
| Mageia | virtualbox | 0 (affected), 5.1.30-1.mga5 (unaffected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 5.1.30-1.mga6 (unaffected) | — |
| Mageia | virtualbox | 0 (affected), 5.1.30-1.mga6 (unaffected) | — |
| Mageia | kmod-vboxadditions | 0 (affected), 5.1.30-1.mga6 (unaffected) | — |
Aliases
Transitive aliases
VVD-MAGEIA-2017-42EUVD-2017-12850EUVD-2017-12847EUVD-2016-7933BDU:2020-02907VVD-CISA-2017-10392GHSA-544p-f4g7-j9whGHSA-cxwv-w4cv-77wpBDU:2020-02910H1-201346VVD-GENTOO-2017-625626GHSA-3rqr-v2gc-jxp4EUVD-2017-2075EUVD-2016-7934CVE-2016-7054cisco-sa-20170130-opensslCNVD-2017-01958GHSA-6553-6v42-5wqcCNVD-2017-02334GHSA-6j5f-6mxg-2mp9GHSA-wgw9-hgw6-6jgcGSD-2017-2730CNVD-2016-11095VVD-CISA-2017-3637BDU:2020-02969CNVD-2017-03330CVE-2017-3637CVE-2016-7055GSD-2016-7053WID-SEC-W-2024-0208EUVD-2017-2054EUVD-2017-2055BDU:2020-02911EUVD-2017-11873EUVD-2017-12754EUVD-2017-2039GHSA-hxpw-pxmm-q49rGHSA-hp2v-mmp5-5mcxVVD-CISA-2017-10408GSD-2017-3733BDU:2020-02908cisco-sa-20161114-opensslBDU:2020-02906CVE-2017-3730EUVD-2016-7935EUVD-2017-12849GHSA-5hg3-8gvm-5294GSD-2017-3730CVE-2016-7053GHSA-cm48-4cv7-p665GHSA-rq64-8m54-26j4WID-SEC-W-2022-1914GHSA-4p8f-59q4-ww8gVVD-CISA-2017-10428VVD-CISA-2017-10407
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.