CVE-2017-3733

EPSS 7.79%
Veröffentlicht 04.05.2017 19:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle openssl-security@openssl.org
Teams Watchlist Login
Unerledigt Login

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version1.1.0

OpenSSL ≫ OpenSSL Version1.1.0a

OpenSSL ≫ OpenSSL Version1.1.0b

OpenSSL ≫ OpenSSL Version1.1.0c

OpenSSL ≫ OpenSSL Version1.1.0d

Hp ≫ Operations Agent Version11.14

Hp ≫ Operations Agent Version11.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.79%	0.917

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/96269

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037846

https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2

https://www.openssl.org/news/secadv/20170216.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3733

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3733

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3733

EUVD