Main Vulnerability Database Vulnerabilities #VU5839

#VU5839 Improper input validation in OpenSSL - CVE-2017-3733

Published: February 16, 2017

Vulnerability identifier: #VU5839

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3733

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenSSL

Software vendor:
OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to improper input validation during a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake. A remote attacker can send a specially crafted data to vulnerable application and case denial of service conditions.

Successful exploitation of the vulnerability may result in denial of service (DoS) attack.

Remediation

Update to version 1.1.0e.

External links

https://www.openssl.org/news/secadv/20170216.txt