CVE-2017-3735

medium
Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

References

https://www.openssl.org/news/secadv/20170828.txt

http://www.securityfocus.com/bid/100515

https://www.openssl.org/news/secadv/20171102.txt

https://www.debian.org/security/2017/dsa-4018

https://www.debian.org/security/2017/dsa-4017

https://security.netapp.com/advisory/ntap-20171107-0002/

https://security.netapp.com/advisory/ntap-20170927-0001/

http://www.securitytracker.com/id/1039726

https://www.tenable.com/security/tns-2017-14

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc

https://www.tenable.com/security/tns-2017-15

https://security.gentoo.org/glsa/201712-03

https://support.apple.com/HT208331

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://usn.ubuntu.com/3611-2/

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3505

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Details

Source: MITRE

Published: 2017-08-28

Updated: 2021-07-20

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 155531 | EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2021-2758) | Nessus | Huawei Local Security Checks | high |
| 155496 | EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2021-2785) | Nessus | Huawei Local Security Checks | high |
| 153738 | EulerOS 2.0 SP9 : shim (EulerOS-SA-2021-2542) | Nessus | Huawei Local Security Checks | medium |
| 153705 | EulerOS 2.0 SP9 : shim (EulerOS-SA-2021-2566) | Nessus | Huawei Local Security Checks | medium |
| 147080 | EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2021-1506) | Nessus | Huawei Local Security Checks | medium |
| 146107 | EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2021-1221) | Nessus | Huawei Local Security Checks | medium |
| 131662 | EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509) | Nessus | Huawei Local Security Checks | high |
| 131184 | Oracle Enterprise Manager Ops Center (Jan 2019 CPU) | Nessus | Misc. | critical |
| 127975 | OracleVM 3.4 : openssl (OVMSA-2019-0040) | Nessus | OracleVM Local Security Checks | medium |
| 127262 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065) | Nessus | NewStart CGSL Local Security Checks | medium |
| 124999 | EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546) | Nessus | Huawei Local Security Checks | high |
| 124903 | EulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400) | Nessus | Huawei Local Security Checks | medium |
| 700513 | macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown) | Nessus Network Monitor | Operating System Detection | critical |
| 123887 | EulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201) | Nessus | Huawei Local Security Checks | medium |
| 123850 | EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1164) | Nessus | Huawei Local Security Checks | medium |
| 122706 | EulerOS Virtualization 2.5.2 : openssl (EulerOS-SA-2019-1084) | Nessus | Huawei Local Security Checks | medium |
| 121753 | Photon OS 1.0: Openssl PHSA-2017-0042 | Nessus | PhotonOS Local Security Checks | high |
| 120997 | EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009) | Nessus | Huawei Local Security Checks | medium |
| 120014 | SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:0293-1) | Nessus | SuSE Local Security Checks | critical |
| 120012 | SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0002-1) | Nessus | SuSE Local Security Checks | critical |
| 119909 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420) | Nessus | Huawei Local Security Checks | medium |
| 119520 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392) | Nessus | Huawei Local Security Checks | medium |
| 119464 | Amazon Linux AMI : openssl (ALAS-2018-1102) | Nessus | Amazon Linux Local Security Checks | medium |
| 119194 | Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium |
| 118998 | CentOS 7 : openssl (CESA-2018:3221) | Nessus | CentOS Local Security Checks | medium |
| 118833 | Amazon Linux 2 : openssl (ALAS-2018-1102) | Nessus | Amazon Linux Local Security Checks | medium |
| 118777 | Oracle Linux 7 : openssl (ELSA-2018-3221) | Nessus | Oracle Linux Local Security Checks | medium |
| 118534 | RHEL 7 : openssl (RHSA-2018:3221) | Nessus | Red Hat Local Security Checks | high |
| 111891 | Photon OS 1.0: Linux / Openssl PHSA-2017-0042 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 109406 | Juniper NSM < 2012.2R14 OpenSSL Multiple Vulnerabilities (JSA10851) | Nessus | Misc. | medium |
| 109204 | Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (Apr 2018 CPU) | Nessus | Misc. | medium |
| 108517 | pfSense < 2.4.2 Multiple Vulnerabilities (SA-17_07) | Nessus | Firewalls | medium |
| 107231 | AIX OpenSSL Advisory : openssl_advisory24.asc | Nessus | AIX Local Security Checks | medium |
| 106547 | openSUSE Security Update : nodejs6 (openSUSE-2018-116) | Nessus | SuSE Local Security Checks | critical |
| 106199 | Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU) | Nessus | Misc. | critical |
| 106105 | Oracle E-Business Multiple Vulnerabilities (January 2018 CPU) | Nessus | Misc. | critical |
| 106104 | Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU) | Nessus | Misc. | medium |
| 106093 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0112-1) | Nessus | SuSE Local Security Checks | critical |
| 106092 | SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1) | Nessus | SuSE Local Security Checks | critical |
| 105877 | Fedora 27 : 1:compat-openssl10 (2017-512a6c5aae) | Nessus | Fedora Local Security Checks | medium |
| 105872 | Fedora 27 : 1:openssl (2017-4cf72e2c11) | Nessus | Fedora Local Security Checks | medium |
| 105638 | openSUSE Security Update : nodejs4 (openSUSE-2018-5) | Nessus | SuSE Local Security Checks | critical |
| 105263 | GLSA-201712-03 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 105224 | openSUSE Security Update : openssl (openSUSE-2017-1324) | Nessus | SuSE Local Security Checks | medium |
| 105081 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005) | Nessus | MacOS X Local Security Checks | high |
| 105080 | macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown) | Nessus | MacOS X Local Security Checks | high |
| 105067 | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9442a811-dab3-11e7-b5af-a4badb2f4699) | Nessus | FreeBSD Local Security Checks | medium |
| 104967 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3169-1) | Nessus | SuSE Local Security Checks | medium |
| 104830 | Fedora 26 : 1:openssl (2017-dbec196dd8) | Nessus | Fedora Local Security Checks | medium |
| 104826 | Fedora 25 : 1:openssl (2017-55a3247cfd) | Nessus | Fedora Local Security Checks | medium |
| 104729 | Fedora 26 : 1:compat-openssl10 (2017-7f30914972) | Nessus | Fedora Local Security Checks | medium |
| 104639 | Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2m Multiple Vulnerabilities | Nessus | Misc. | medium |
| 104530 | SUSE SLES12 Security Update : openssl (SUSE-SU-2017:2981-1) | Nessus | SuSE Local Security Checks | medium |
| 104481 | Debian DLA-1157-1 : openssl security update | Nessus | Debian Local Security Checks | medium |
| 104432 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : openssl vulnerabilities (USN-3475-1) | Nessus | Ubuntu Local Security Checks | medium |
| 104409 | OpenSSL 1.1.0 < 1.1.0g RSA/DSA Unspecified Carry Issue | Nessus | Web Servers | medium |
| 104408 | OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspecified Carry Issue | Nessus | Web Servers | medium |
| 104402 | Debian DSA-4018-1 : openssl - security update | Nessus | Debian Local Security Checks | medium |
| 104401 | Debian DSA-4017-1 : openssl1.0 - security update | Nessus | Debian Local Security Checks | medium |
| 104367 | FreeBSD : OpenSSL -- Multiple vulnerabilities (f40f07aa-c00f-11e7-ac58-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |