Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

https://www.openssl.org/news/secadv/20170828.txt

http://www.securityfocus.com/bid/100515

https://www.openssl.org/news/secadv/20171102.txt

https://www.debian.org/security/2017/dsa-4018

https://www.debian.org/security/2017/dsa-4017

https://security.netapp.com/advisory/ntap-20171107-0002/

https://security.netapp.com/advisory/ntap-20170927-0001/

http://www.securitytracker.com/id/1039726

https://www.tenable.com/security/tns-2017-14

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc

https://www.tenable.com/security/tns-2017-15

https://security.gentoo.org/glsa/201712-03

https://support.apple.com/HT208331

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://usn.ubuntu.com/3611-2/

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3505

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Details

Risk Information

CVSS v2

CVSS v3