CVE-2017-3735

Medium

Description

While parsing an IPAddressFamily extension in an X.509 certificate, a one-byte overread is possible. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and affects all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3505

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc

https://security.gentoo.org/glsa/201712-03

https://security.netapp.com/advisory/ntap-20170927-0001/

https://security.netapp.com/advisory/ntap-20171107-0002/

https://support.apple.com/HT208331

https://usn.ubuntu.com/3611-2/

https://www.debian.org/security/2017/dsa-4017

https://www.debian.org/security/2017/dsa-4018

https://www.openssl.org/news/secadv/20170828.txt

https://www.openssl.org/news/secadv/20171102.txt

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2017-14

https://www.tenable.com/security/tns-2017-15

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securitytracker.com/id/1039726

Details

Source: Mitre, NVD

Published: 2017-08-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium