While OpenSSL's code has improved in the three years since the Heartbleed vulnerability, new issues continue to come up for this important open-source project. From CVE-2017-3733:
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
The good news is that OpenSSL 1.0.2 isn't affected by this issue; this time around it only affects OpenSSL 1.1 (pre-1.1.0e).
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.
OpenSSL 1.1.0 users should upgrade to 1.1.0e.
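To triage hosts against the version ranges given above, the following added example (not code from the OpenSSL project or from the original article) classifies an `openssl version` banner for CVE-2017-3733. The function name, the result labels and the sample banners in the test are assumptions made for illustration.

```python
import re
import ssl

# Version token in an `openssl version` banner, e.g. "OpenSSL 1.1.0d  26 Jan 2017".
# Groups: major, minor, fix, patch letter(s), optional tag such as "-pre6" or "-fips".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?")

# From the page: OpenSSL 1.1.0 users should upgrade to 1.1.0e.
FIXED_LETTER = "e"


def classify(banner):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown' for CVE-2017-3733."""
    m = _VERSION_RE.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner (for example a fork)
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, tag = m.group(4), m.group(5) or ""
    if branch == (1, 0, 2):
        return "not-affected"  # stated on the page
    if branch != (1, 1, 0):
        return "unknown"  # the page says nothing about other branches
    if tag.startswith("-pre"):
        return "unknown"  # pre-releases are not covered by the page
    # Patch letters order as "" < "a" < ... < "z" < "za", so compare by
    # length first and alphabetically second.
    is_fixed = (len(letter), letter) >= (len(FIXED_LETTER), FIXED_LETTER)
    return "fixed" if is_fixed else "affected"


if __name__ == "__main__":
    # ssl.OPENSSL_VERSION is the library this Python interpreter is linked
    # against, which may differ from the `openssl` binary on PATH.
    print(ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
```

Distribution packages can carry a backported fix without changing the patch letter, so treat an `affected` result as a prompt to check the package changelog rather than as proof.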