CVE-2017-3733

CVE Database · CVE-2017-3733

CVE-2017-3733

· N/AModified

CVSS v3.1

N/A

EPSS

12.64%

Published

May 4, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Weaknesses (CWE)

CWE-20

Affected Products (7)

openssl · opensslvulnerable

hp · operations_agentvulnerable

References (16)

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/96269

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037846

https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us

Third Party AdvisoryVDB Entry

https://www.openssl.org/news/secadv/20170216.txt

Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

KEV Catalog EPSS Scores Vendors All CVEs