CVEs-PoC/2017/CVE-2017-3733.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-04-21 14:06:08 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.5 KiB

Raw Permalink Blame History

CVE-2017-3733

Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Ananya-0306/vuln-finder
https://github.com/akaganeite/CVE4PP
https://github.com/chnzzh/OpenSSL-CVE-lib
https://github.com/cve-search/git-vuln-finder
https://github.com/scarby/cve_details_client

1.5 KiB Raw Permalink Blame History

CVE-2017-3733

Description

POC

Reference

Github

1.5 KiB

Raw Permalink Blame History