OpenSSL CVE-2017-3733 Input Validation Bypass Vulnerability

Description

Severity: High

During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa), then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0e.

This issue does not affect OpenSSL version 1.0.2.

This issue was reported to OpenSSL on 31st January 2017 by Joe Orton (Red Hat). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20170216.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
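Added example (not part of the advisory or of OpenSSL itself): a small triage helper that encodes the version rules stated above, so that `openssl version` strings collected from a fleet can be sorted into affected (1.1.0 before 1.1.0e), fixed, not affected (1.0.2), or end-of-life (1.0.1, 1.0.0, 0.9.8). The inventory lines and hostnames are constructed sample input.

```python
import re
from typing import NamedTuple, Optional

# Rules taken from the advisory text for CVE-2017-3733:
#   1.1.0 .. 1.1.0d   : affected, fixed in 1.1.0e
#   1.0.2 (any letter): not affected
#   1.0.1/1.0.0/0.9.8 : out of support, no security updates
_VERSION_RE = re.compile(r"^\s*(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")
_EOL_BRANCHES = {(1, 0, 1), (1, 0, 0), (0, 9, 8)}

class Triage(NamedTuple):
    version: str
    status: str   # affected | fixed | not-affected | unsupported | unknown
    action: str

def parse_openssl_version(text: str) -> Optional[tuple]:
    """'OpenSSL 1.1.0d  26 Jan 2017' -> ((1, 1, 0), ('d',)); None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    # Letter suffix as a tuple so '' < 'a' < ... < 'z' < 'za' compares correctly
    return branch, tuple(m.group(4))

def triage_cve_2017_3733(text: str) -> Triage:
    parsed = parse_openssl_version(text)
    if parsed is None:
        return Triage(text.strip(), "unknown", "could not parse version string")
    branch, letters = parsed
    if branch == (1, 1, 0):
        if letters < ("e",):
            return Triage(text.strip(), "affected", "upgrade to OpenSSL 1.1.0e or later")
        return Triage(text.strip(), "fixed", "none, contains the 1.1.0e fix")
    if branch == (1, 0, 2):
        return Triage(text.strip(), "not-affected", "none for this CVE")
    if branch in _EOL_BRANCHES:
        return Triage(text.strip(), "unsupported", "branch is end-of-life; move to a supported release")
    return Triage(text.strip(), "unknown", "version not covered by this advisory")

def triage_inventory(lines):
    """Map 'host<TAB>version' inventory lines (constructed input) to triage results."""
    results = {}
    for line in lines:
        host, _, version = line.partition("\t")
        results[host] = triage_cve_2017_3733(version)
    return results

if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders, not real systems
    sample = ["web1\tOpenSSL 1.1.0d  26 Jan 2017", "web2\tOpenSSL 1.1.0e  16 Feb 2017",
              "db1\tOpenSSL 1.0.2k  26 Jan 2017", "legacy\tOpenSSL 1.0.1u  22 Sep 2016"]
    for host, t in triage_inventory(sample).items():
        print(f"{host:8} {t.status:13} {t.action}")
```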

Affected Applications

OpenSSL

CVE References

CVE-2017-3733