FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssl -- crash on handshake

Affected packages
openssl-devel < 1.1.0e

Details

VuXML ID 1a802ba9-f444-11e6-9940-b499baebfeaf
Discovery 2017-02-16
Entry 2017-02-16

The OpenSSL project reports:

Severity: High
During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa), then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.
This issue does not affect OpenSSL version 1.0.2.

References

CVE Name CVE-2017-3733
URL https://www.openssl.org/news/secadv/20170216.txt