CVE-2017-3733
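During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), OpenSSL 1.1.0 before 1.1.0e can crash (dependent on ciphersuite). Both clients and servers are affected. The impact is loss of availability only: the CVSS v3 vector below rates confidentiality and integrity impact as None. Going by the affected range stated here, 1.1.0e is the first fixed release in the 1.1.0 line.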
Published at
2017-05-04T19:29Z
2558 days ago
Modified
2019-04-23T19:30Z
1839 days ago
Problem type: CWE-20 (Improper Input Validation)
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
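Metric | Value |
---|---|
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity | None |
Availability | High |

Severity | Score | Vector |
---|---|---|
High | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

References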
URL | Type |
---|---|
www.openssl.org https://www.openssl.org/news/secadv/20170216.txt | CONFIRM |
96269 http://www.securityfocus.com/bid/96269 | BID |
h20566.www2.hpe.com https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us | CONFIRM |
1037846 http://www.securitytracker.com/id/1037846 | SECTRACK |
www.oracle.com http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM |
www.oracle.com http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM |
github.com https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2 | MISC |
www.oracle.com https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC |
GET https://vulnerabilitydata.com/api/details/CVE-2017-3733
{ "id": "CVE-2017-3733", "published_date": "2017-05-04T19:29Z", "last_modified_date": "2019-04-23T19:30Z", "assigner": "openssl-security@openssl.org", "description": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.", "references": [ { "url": "https://www.openssl.org/news/secadv/20170216.txt", "name": "https://www.openssl.org/news/secadv/20170216.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/96269", "name": "96269", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", "refsource": "CONFIRM", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1037846", "name": "1037846", "refsource": "SECTRACK", "tags": [] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "tags": [] }, { "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2", "name": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2", "refsource": "MISC", "tags": [] }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "tags": [] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5 }, "severity": "MEDIUM", "exploitabilityScore": 10, "impactScore": 2.9, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-20" }