QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3735

Published: Aug 28, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Vendor	Product	Versions
OpenSSL Software Foundation	OpenSSL	affected `1.1.0` affected `1.0.2`

References

vdb-entry

vendor-advisory

vendor-advisory

vendor-advisory

[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update

mailing-list

vendor-advisory

vendor-advisory

vendor-advisory

vdb-entry

FreeBSD-SA-17:11

vendor-advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://security.netapp.com/advisory/ntap-20171107-0002/

https://support.apple.com/HT208331

https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822

https://security.netapp.com/advisory/ntap-20170927-0001/

https://www.tenable.com/security/tns-2017-15

https://www.openssl.org/news/secadv/20171102.txt

https://www.tenable.com/security/tns-2017-14

https://www.openssl.org/news/secadv/20170828.txt

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.