During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: openssl
Published: 2017-02-16T00:00:00
Updated: 2019-04-23T19:08:15
Reserved: 2016-12-16T00:00:00
Link: CVE-2017-3733
JSON object: View
NVD Information
Status : Modified
Published: 2017-05-04T19:29:00.430
Modified: 2019-04-23T19:30:00.973
Link: CVE-2017-3733
JSON object: View
Redhat Information
No data.
CWE