This is a great share David. Any information on how to check for the vulnerability versus just looking at the version? For example CLI command or API call? It would be a nice value-add to our suite of in-development proxysg Knowledge bits.
OpenSSL Security Advisory [26 Jan 2017]
Truncated packet could crash via OOB read (CVE-2017-3731)
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or client
to perform an out-of-bounds read, usually resulting in a crash.
For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
users should upgrade to 1.1.0d
For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have
not disabled that algorithm should update to 1.0.2k