cve/CVE-2017-3733.md at 32646c20e71810932fbd5e08aba28eaca6211a4d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-14 20:08:44 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Ananya-0306/vuln-finder
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/cve-search/git-vuln-finder
https://github.com/scarby/cve_details_client

1.0 KiB Raw Blame History

CVE-2017-3733

Description

POC

Reference

Github

1.0 KiB

Raw Blame History