CVE-2017-3733 - OpenCVE

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Operations Agent
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:1.1.0:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0b:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0c:::::::*
	cpe:2.3:a:openssl:openssl:1.1.0d:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:hp:operations_agent:11.14:::::::*
	cpe:2.3:a:hp:operations_agent:11.15:::::::*

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/96269	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037846
https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us	Third Party Advisory VDB Entry
https://www.openssl.org/news/secadv/20170216.txt	Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: openssl

Published: 2017-02-16T00:00:00

Updated: 2019-04-23T19:08:15

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3733

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-04T19:29:00.430

Modified: 2019-04-23T19:30:00.973

Link: CVE-2017-3733

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "openssl-1.1.0"}, {"status": "affected", "version": "openssl-1.1.0a"}, {"status": "affected", "version": "openssl-1.1.0b"}, {"status": "affected", "version": "openssl-1.1.0c"}, {"status": "affected", "version": "openssl-1.1.0d"}]}], "credits": [{"lang": "en", "value": "Joe Orton (Red Hat)"}], "datePublic": "2017-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "protocol error", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T19:08:15", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"name": "96269", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96269"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20170216.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"}, {"name": "1037846", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037846"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "title": "Encrypt-Then-Mac renegotiation crash", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2017-02-16", "ID": "CVE-2017-3733", "STATE": "PUBLIC", "TITLE": "Encrypt-Then-Mac renegotiation crash"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "openssl-1.1.0"}, {"version_value": "openssl-1.1.0a"}, {"version_value": "openssl-1.1.0b"}, {"version_value": "openssl-1.1.0c"}, {"version_value": "openssl-1.1.0d"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Joe Orton (Red Hat)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "protocol error"}]}]}, "references": {"reference_data": [{"name": "96269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96269"}, {"name": "https://www.openssl.org/news/secadv/20170216.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20170216.txt"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2", "refsource": "MISC", "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"}, {"name": "1037846", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037846"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}}}}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2017-3733", "datePublished": "2017-02-16T00:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2019-04-23T19:08:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*", "matchCriteriaId": "B2E07A34-08A0-4765-AF81-46A3BDC5648A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*", "matchCriteriaId": "83B0A3D8-60C7-4F42-9DD6-C535F983D98B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:operations_agent:11.14:*:*:*:*:*:*:*", "matchCriteriaId": "739CE0EF-9D08-4A26-A82A-A117DBBF0717", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:operations_agent:11.15:*:*:*:*:*:*:*", "matchCriteriaId": "3429CA31-3B98-4227-8FB5-A56CAFFD641E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected."}, {"lang": "es", "value": "Durante un protocolo de enlace de renegociaci\u00f3n, si la extensi\u00f3n Encrypt-Then-Mac es negociada cuando no estaba en el protocolo de enlace original (o viceversa), se podr\u00eda provocar el cierre inesperado de OpenSSL (dependiente de una suite de cifrado) en versiones 1.1.0 anteriores a la 1.1.0e. Tanto los clientes como los servidores se ven afectados."}], "id": "CVE-2017-3733", "lastModified": "2019-04-23T19:30:00.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-04T19:29:00.430", "references": [{"source": "openssl-security@openssl.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "openssl-security@openssl.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96269"}, {"source": "openssl-security@openssl.org", "url": "http://www.securitytracker.com/id/1037846"}, {"source": "openssl-security@openssl.org", "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20170216.txt"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}