CVE-2017-3735

Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

https://www.tenable.com/security/tns-2017-15

https://www.tenable.com/security/tns-2017-14

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.openssl.org/news/secadv/20171102.txt

https://www.openssl.org/news/secadv/20170828.txt

https://www.debian.org/security/2017/dsa-4018

https://www.debian.org/security/2017/dsa-4017

https://usn.ubuntu.com/3611-2/

https://support.apple.com/HT208331

https://security.netapp.com/advisory/ntap-20171107-0002/

https://security.netapp.com/advisory/ntap-20170927-0001/

https://security.gentoo.org/glsa/201712-03

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc

https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://access.redhat.com/errata/RHSA-2018:3505

https://access.redhat.com/errata/RHSA-2018:3221

http://www.securitytracker.com/id/1039726

http://www.securityfocus.com/bid/100515

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Details

Source: Mitre, NVD

Published: 2017-08-28

Updated: 2022-12-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium