High severity7.5NVD Advisory· Published May 4, 2017· Updated May 13, 2026

CVE-2017-3733

Description

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.

Affected products

OpenSSL Project/OpenSSLv56 versions
openssl-1.1.0+ 5 more
- (no CPE)range: openssl-1.1.0
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*
HP/Operations Agent2 versions
cpe:2.3:a:hp:operations_agent:11.14:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hp:operations_agent:11.14:*:*:*:*:*:*:*
- cpe:2.3:a:hp:operations_agent:11.15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/96269nvdThird Party AdvisoryVDB Entry
h20566.www2.hpe.com/hpsc/doc/public/displaynvdThird Party AdvisoryVDB Entry
www.openssl.org/news/secadv/20170216.txtnvdVendor Advisory
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvd
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvd
www.securitytracker.com/id/1037846nvd
github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2nvd
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000