Description
During a renegotiation handshake, if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice versa), OpenSSL 1.1.0 before 1.1.0e can crash (dependent on ciphersuite). Both clients and servers are affected.
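A first-pass inventory check for the version range named above, as an added example that is not part of the original page or of the OpenSSL project. It classifies `openssl version` banners; the function names and the sample hosts are constructed for illustration.

```python
import re

# Banner printed by `openssl version`, e.g. "OpenSSL 1.1.0d  26 Jan 2017".
# Pre-3.0 releases use MAJOR.MINOR.FIX plus an optional patch letter,
# sometimes followed by a tag such as "-fips" or "-pre5".
BANNER_RE = re.compile(r"^OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(-\S+)?(?:\s|$)")

FIXED_LETTER = "e"  # from the description: 1.1.0 before 1.1.0e


def etm_renegotiation_status(banner):
    """Return 'affected', 'not_affected' or 'unknown' for one banner."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return "unknown"  # not an OpenSSL banner (e.g. LibreSSL) or unparseable
    series = tuple(int(g) for g in m.group(1, 2, 3))
    letter, tag = m.group(4), m.group(5)
    if series != (1, 1, 0):
        return "not_affected"  # the description names only the 1.1.0 series
    if letter >= FIXED_LETTER:
        return "not_affected"  # 1.1.0e or a later patch letter
    if tag is not None:
        # Assumption: pre-release or vendor-tagged 1.1.0 builds are not
        # covered by the description, so they go to manual review.
        return "unknown"
    # "" (plain 1.1.0) sorts before "a", so it is caught here too.
    return "affected"


def triage(inventory):
    """Group host names by status; inventory maps host -> banner string."""
    groups = {"affected": [], "not_affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        groups[etm_renegotiation_status(banner)].append(host)
    return groups


# Constructed sample inventory (hosts and banners are illustrative).
SAMPLE = {
    "web-01": "OpenSSL 1.1.0d  26 Jan 2017",
    "web-02": "OpenSSL 1.1.0e  16 Feb 2017",
    "db-01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "lab-01": "OpenSSL 1.1.0-pre5 (beta) 19 Apr 2016",
    "mac-01": "LibreSSL 2.8.3",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Distribution packages often backport fixes without changing the upstream patch letter, so an "affected" result from the banner alone should be confirmed against the vendor's package changelog.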
Remediation
References