During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: openssl
Published: 2017-05-04T19:00:00Z
Updated: 2024-09-16T16:18:03.381Z
Reserved: 2016-12-16T00:00:00
Link: CVE-2017-3733
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-05-04T19:29:00.430
Modified: 2024-11-21T03:26:01.803
Link: CVE-2017-3733
Redhat