During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), OpenSSL 1.1.0 before 1.1.0e can crash, depending on the ciphersuite. Both clients and servers are affected.
[
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "291408060013259910944255651829066663698",
"length": 5638.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-3c16f3a1",
"signature_type": "Function",
"target": {
"function": "ssl_add_serverhello_tlsext",
"file": "ssl/t1_lib.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"210326899922277202621865221518711144115",
"297451899453299258081107901935296450843",
"28043226173519611562756266551699631673",
"239950022388405435006885238396795129531",
"298807974921422794162263307456272928810",
"275572865100524505798724938797157627264",
"323525093030425060433573353002573913850",
"299219773649024902964080869335264160673",
"306890453261393261459494927338753721926",
"235017954287774655309541109400404464721",
"183465734327004646886910361269819978850",
"175708054807709914081093413817516278625",
"169233866011009153720796270666979617551",
"193346602038903284457999880423246648703"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-572f8a24",
"signature_type": "Line",
"target": {
"file": "ssl/t1_enc.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "226713604719132484728676348123942863499",
"length": 6972.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-65c44a97",
"signature_type": "Function",
"target": {
"function": "ssl_scan_serverhello_tlsext",
"file": "ssl/t1_lib.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "307764961371110327532486944532831782016",
"length": 7223.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-82e85dca",
"signature_type": "Function",
"target": {
"function": "ssl_scan_clienthello_tlsext",
"file": "ssl/t1_lib.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"237023091559719071527856149215891143070",
"189699015997182080260172145615480398912",
"205754833113741135528128949544990597477",
"23637003298103959430790520728083953975",
"213597452627353687285093948503028911800",
"275810834110559761518690632015236614750",
"207314614047805664642946047844901923545",
"305191548534231855931683526269868052734",
"16313483985969968253037914987938900902",
"179377070293683824358292918943174435313",
"232050462780820513567482654978609940575",
"38441374855202028092322068574612197487",
"92138724818817252465359871808234187635",
"169352110967265325462970483252633784500",
"286633373611893743639273053059705127436",
"6443239649188082457345121959534642301",
"174064454101845695950226691453089301155",
"4662727317159733501051761036001947942",
"94332607628410547235282447800067735086",
"302973741100356685495248678251481519784"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-845ca073",
"signature_type": "Line",
"target": {
"file": "ssl/record/ssl3_record.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"128397882952359198460105101864503598442",
"160741253838952962036697543913874864956",
"263861095183750585517548547657779822920",
"104028806768614615669326497823331697802",
"275448964672631935241613161816770308403"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-8d3dc5c2",
"signature_type": "Line",
"target": {
"file": "include/openssl/ssl3.h"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"336287605999087885627445407507378051000",
"277172237984463495750704658317389696053",
"290773798954982555134968160155099884527",
"172712684677398947331358608258163928764",
"248020643342302205918131436038194688543",
"330509909880036231365085308199050967466",
"21714478470725859417744499070195627712",
"327371597548452006888585102874857308791"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-b2a80982",
"signature_type": "Line",
"target": {
"file": "ssl/ssl_locl.h"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "170989265506574991648367742762289132608",
"length": 7552.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-c1ddada3",
"signature_type": "Function",
"target": {
"function": "ssl3_get_record",
"file": "ssl/record/ssl3_record.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"273982395028049029384316770010417454720",
"216920195870000383157122377921091889302",
"131407537057305010023409765397459846353",
"12238822107440143773359101828113494684",
"205324185603807841097347780832483647617",
"72521799318336962915531310187700102818",
"317409089079101747653219409704270668724",
"62358020504739821728838816553930756276",
"102856837353583288873352422231041902655",
"287143937199201460399237938069067835137",
"230187990647120309916191553294369235021",
"64524494689283652454913155888817214777",
"293009343861220583380900713409323833555",
"151565873025519410166373721159430280977",
"12886728301838544092618672917871337164",
"164389040029164276714025556544678377336",
"115276761031037346409777596380856965821",
"326808888076382726820433371128071681565",
"92675416239956650708541565663338281682",
"58461224521287999952730954264911108528",
"67203642406244799105142181977534478018",
"117599346699133594434963058443644042523",
"91876357595659274532854729126485790270",
"20937716431750446600366564307056756563"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-d4a21c23",
"signature_type": "Line",
"target": {
"file": "ssl/t1_lib.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"7542217128476095177380422397006445197",
"260270955145183264054661413207237965394",
"11246499031905434490821660329092439448",
"332130331106995121904797964412747523631",
"67366073130077609063323844893066781756",
"237049143005708034527252033370311160229",
"189616501985556496736028958556704578858",
"143210614436809875362313081788551382488",
"42080671283471120409974307738135291932",
"111656127582378586195554722857306440980",
"198581088139799038943765596436117447208",
"270867396637966758366786920891852731458"
]
},
"signature_version": "v1",
"id": "CVE-2017-3733-e2bcd8f1",
"signature_type": "Line",
"target": {
"file": "ssl/record/rec_layer_s3.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "152609637236593721181395616200235391889",
"length": 6778.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-f63bb928",
"signature_type": "Function",
"target": {
"function": "tls1_change_cipher_state",
"file": "ssl/t1_enc.c"
}
},
{
"source": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2",
"deprecated": false,
"digest": {
"function_hash": "271553882449563555395616898008201693079",
"length": 2255.0
},
"signature_version": "v1",
"id": "CVE-2017-3733-fe19025e",
"signature_type": "Function",
"target": {
"function": "tls1_setup_key_block",
"file": "ssl/t1_enc.c"
}
}
]