Описание
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.0.2g-1ubuntu11 |
| esm-infra-legacy/trusty | not-affected | 1.0.1f-1ubuntu2.22 |
| esm-infra/xenial | not-affected | 1.0.2g-1ubuntu4.6 |
| precise | not-affected | 1.0.1-4ubuntu5.39 |
| trusty | not-affected | 1.0.1f-1ubuntu2.22 |
| trusty/esm | not-affected | 1.0.1f-1ubuntu2.22 |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | not-affected | |
| vivid/ubuntu-core | not-affected | |
| xenial | not-affected | 1.0.2g-1ubuntu4.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
During a renegotiation handshake if the Encrypt-Then-Mac extension is ...
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
Уязвимость расширения Encrypt-Then-Mac библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3