### [CVE-2017-3733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3733)
![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=protocol%20error&color=brighgreen)

### Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Ananya-0306/vuln-finder
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/cve-search/git-vuln-finder
- https://github.com/scarby/cve_details_client