CVE-2017-3735

MEDIUM

OpenSSL <1.0.2m, <1.1.0g - One-Byte Out-of-Bounds Read in IPAddressFamily Extension Parsing

Title source: llm

Description

While parsing an IPAddressFamily extension (RFC 3779) in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. The defect is a single read one byte past the end of the extension's addressFamily field, with no write, which is why the CVSS vector below records a low integrity impact and no confidentiality or availability impact. It is reachable from any code path that prints the extension of an attacker-supplied certificate, so the fix is to upgrade to 1.0.2m or 1.1.0g or later.
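The following C program is an added illustration of the bug class described above, not OpenSSL's own code. It models the RFC 3779 addressFamily field (a 2-byte AFI optionally followed by a 1-byte SAFI) as a length-prefixed octet string, shows an accessor that reads two bytes without checking the declared length beside a hardened accessor that rejects short fields, and runs both on a constructed well-formed field and a constructed truncated field. The struct and function names (octet_string, afi_get_unchecked, afi_get_checked, afi_name) are hypothetical; the backing arrays are deliberately two bytes long so the demonstration itself never reads outside its own memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class, not OpenSSL's code. The names below
 * are hypothetical stand-ins for an ASN.1 OCTET STRING and for the accessor
 * that decodes the RFC 3779 addressFamily field (2-byte AFI, optionally
 * followed by a 1-byte SAFI). */
typedef struct {
    const uint8_t *data;   /* bytes of the addressFamily OCTET STRING */
    size_t length;         /* number of bytes the DER length field declared */
} octet_string;

/* Vulnerable pattern: assumes at least two bytes are present. When the
 * certificate declares a 1-byte addressFamily, data[1] is read from whatever
 * follows the field in memory (the one-byte overread). */
unsigned int afi_get_unchecked(const octet_string *af)
{
    return ((unsigned int)af->data[0] << 8) | af->data[1];
}

/* Hardened pattern: refuse to decode unless the field is long enough.
 * Returning 0 (an unassigned AFI value) lets callers treat the field as
 * "no valid family" instead of printing a fabricated one. */
unsigned int afi_get_checked(const octet_string *af)
{
    if (af == NULL || af->data == NULL || af->length < 2)
        return 0;
    return ((unsigned int)af->data[0] << 8) | af->data[1];
}

/* Text-display helper, mirroring what a certificate printer does with the
 * decoded AFI (IANA assigns 1 = IPv4, 2 = IPv6). */
const char *afi_name(unsigned int afi)
{
    switch (afi) {
    case 1:  return "IPv4";
    case 2:  return "IPv6";
    default: return "unknown";
    }
}

/* Constructed samples. Each backing array holds two bytes so that the
 * unchecked read stays inside this program's own memory; in a real parser
 * the second byte of the truncated case lies past the end of the field. */
static const uint8_t ipv6_backing[2]      = { 0x00, 0x02 };
static const uint8_t truncated_backing[2] = { 0x00, 0x01 }; /* byte 1 is not part of the field */

const octet_string ipv6_field      = { ipv6_backing, 2 };      /* well-formed: AFI 2 (IPv6) */
const octet_string truncated_field = { truncated_backing, 1 }; /* malformed: only 1 byte declared */

int main(void)
{
    printf("well-formed field: unchecked=%s checked=%s\n",
           afi_name(afi_get_unchecked(&ipv6_field)),
           afi_name(afi_get_checked(&ipv6_field)));
    /* The unchecked accessor reports IPv4 for a field that never contained a
     * full AFI; the checked accessor reports no valid family instead. */
    printf("truncated field:   unchecked=%s checked=%s\n",
           afi_name(afi_get_unchecked(&truncated_field)),
           afi_name(afi_get_checked(&truncated_field)));
    return 0;
}
```

The checked accessor deliberately tests the declared length rather than the backing buffer size, because the DER length is the only thing a parser can trust about an attacker-supplied certificate; the byte after a 1-byte field belongs to whatever was allocated next, which is exactly what turns a malformed extension into a wrong display line.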

References (27)

Issue Tracking, Third Party Advisory: https://security.netapp.com/advisory/ntap-20170927-0001/
Issue Tracking, Third Party Advisory: https://security.netapp.com/advisory/ntap-20171107-0002/
Issue Tracking, Vendor Advisory: https://www.openssl.org/news/secadv/20171102.txt
Issue Tracking, Third Party Advisory: https://www.tenable.com/security/tns-2017-14
Third Party Advisory, VDB Entry: http://www.securitytracker.com/id/1039726
Vendor Advisory: https://usn.ubuntu.com/3611-2/
Third Party Advisory: https://www.debian.org/security/2017/dsa-4018
Third Party Advisory: https://security.gentoo.org/glsa/201712-03
Vendor Advisory: https://access.redhat.com/errata/RHSA-2018:3505
Third Party Advisory: https://www.debian.org/security/2017/dsa-4017
Vendor Advisory: https://access.redhat.com/errata/RHSA-2018:3221
Third Party Advisory, VDB Entry: http://www.securityfocus.com/bid/100515

Scores

CVSS v3 5.3
EPSS 0.3862
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-119
Status published
Products (44)
debian/debian_linux 8.0
debian/debian_linux 9.0
openssl/openssl 0.9.7j
openssl/openssl 0.9.7k
openssl/openssl 0.9.7l
openssl/openssl 0.9.7m
openssl/openssl 0.9.8
openssl/openssl 0.9.8a
openssl/openssl 0.9.8b
openssl/openssl 0.9.8c
... and 34 more
Published Aug 28, 2017
Tracked Since Feb 18, 2026