CVE-2017-3733

Published: 16 Feb 2017
Source: redhat
CVSS3: 5.9

Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Not affected | | |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl | Not affected | | |
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | | |
| Red Hat Enterprise Linux 7 | openssl | Not affected | | |
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | | |
| Red Hat Enterprise Linux 7 | OVMF | Not affected | | |
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Not affected | | |
| Red Hat JBoss Core Services | openssl | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Not affected | | |

Additional information

Status: Important

https://bugzilla.redhat.com/show_bug.cgi?id=1421695 openssl: Encrypt-Then-Mac renegotiation crash

CVSS3: 5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 9 years ago

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

CVSS3: 7.5
nvd
almost 9 years ago

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

CVSS3: 7.5
debian
almost 9 years ago

During a renegotiation handshake if the Encrypt-Then-Mac extension is ...

CVSS3: 7.5
github
more than 3 years ago

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

CVSS3: 7.5
fstec
almost 9 years ago

Vulnerability in the Encrypt-Then-Mac extension of the OpenSSL library that allows an attacker to cause a denial of service
