Description
During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), OpenSSL 1.1.0 before 1.1.0e can crash, depending on the ciphersuite. Both clients and servers are affected.
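For inventory triage, collected version strings can be checked against the affected range stated above (1.1.0 before 1.1.0e). This is an added example, not part of the original advisory; the function names, status labels and sample strings are constructed for illustration. It assumes that a packaging suffix on a build below 1.1.0e may hide a backported fix or mark a pre-release, so those builds are reported as `unknown`.

```python
import re

# Matches upstream-style OpenSSL versions such as "1.1.0", "1.1.0d",
# "1.1.0-pre6" or "1.1.0c-2ubuntu1" inside a longer banner string.
_VERSION_RE = re.compile(
    r"(?<![\w.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(-[A-Za-z0-9]+)?(?![\w.])"
)

AFFECTED_BRANCH = (1, 1, 0)   # from the description: OpenSSL 1.1.0 ...
FIXED_LETTERS = "e"           # ... before 1.1.0e


def _letter_key(letters):
    # OpenSSL patch letters order as "" < "a" < ... < "z" < "za" < "zb" ...
    return (len(letters), letters)


def classify(banner):
    """Return 'affected', 'fixed', 'outside-range' or 'unknown'."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"
    major, minor, fix, letters, suffix = m.groups()
    if (int(major), int(minor), int(fix)) != AFFECTED_BRANCH:
        return "outside-range"      # not in the range this entry describes
    if _letter_key(letters) >= _letter_key(FIXED_LETTERS):
        return "fixed"              # 1.1.0e or a later 1.1.0 letter release
    if suffix:
        return "unknown"            # pre-release or vendor build: review by hand
    return "affected"


if __name__ == "__main__":
    # Constructed sample inventory lines, not taken from any real host.
    samples = [
        "OpenSSL 1.1.0d  26 Jan 2017",
        "OpenSSL 1.1.0e  16 Feb 2017",
        "1.1.0c-2ubuntu1",
        "1.1.0f-3+deb9u2",
        "1.1.0-pre6",
        "OpenSSL 1.0.2k  26 Jan 2017",
        "no version here",
    ]
    for line in samples:
        print(f"{classify(line):14} {line}")
```

Entries reported as `unknown` need the vendor's changelog or security tracker to confirm whether the fix is present.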
Remediation
References