CVE-2017-3735

MEDIUM

Description

While parsing an IPAddressFamily extension in an X.509 certificate, OpenSSL can perform a one-byte overread. This would result in an incorrect text display of the certificate. The bug has been present since 2006 and affects all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/100515

http://www.securitytracker.com/id/1039726

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3505

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc

https://security.gentoo.org/glsa/201712-03

https://security.netapp.com/advisory/ntap-20170927-0001/

https://security.netapp.com/advisory/ntap-20171107-0002/

https://support.apple.com/HT208331

https://usn.ubuntu.com/3611-2/

https://www.debian.org/security/2017/dsa-4017

https://www.debian.org/security/2017/dsa-4018

https://www.openssl.org/news/secadv/20170828.txt

https://www.openssl.org/news/secadv/20171102.txt

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.tenable.com/security/tns-2017-14

https://www.tenable.com/security/tns-2017-15

Details

Source: MITRE

Published: 2017-08-28

Updated: 2019-04-23

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM