While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssl< 1.1.0g-1openssl_1.1.0g-1_all.deb
Debian11allopenssl< 1.1.0g-1openssl_1.1.0g-1_all.deb
Debian10allopenssl< 1.1.0g-1openssl_1.1.0g-1_all.deb
Debian999allopenssl< 1.1.0g-1openssl_1.1.0g-1_all.deb
Debian13allopenssl< 1.1.0g-1openssl_1.1.0g-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssl	< 1.1.0g-1	openssl_1.1.0g-1_all.deb
Debian	11	all	openssl	< 1.1.0g-1	openssl_1.1.0g-1_all.deb
Debian	10	all	openssl	< 1.1.0g-1	openssl_1.1.0g-1_all.deb
Debian	999	all	openssl	< 1.1.0g-1	openssl_1.1.0g-1_all.deb
Debian	13	all	openssl	< 1.1.0g-1	openssl_1.1.0g-1_all.deb

ibm 54

redhatcve 1

nessus 62

osv 4

f5 1

debian 5

cve 1

prion 1

openvas 25

aix 1

openssl 1

checkpoint_advisories 1

oraclelinux 3

veracode 1

alpinelinux 1

suse 3

ubuntucve 1

altlinux 5

fedora 5

archlinux 4

ubuntu 2

nodejsblog 1

freebsd 2

symantec 1

mageia 1

freebsd_advisory 1

cloudfoundry 1

amazon 2

gentoo 1

redhat 2

centos 1

ics 1

apple 2

lenovo 1

ibm

Security Bulletin: Vulnerability in the OpenSSL Library Affects IBM Tealeaf Customer Experience (CVE-2017-3735)

2018-06-23 03:45:19

Security Bulletin: Vulnerability in OpenSSL affects IBM NeXtScale Fan Power Controller (FPC) (CVE-2017-3735)

2019-01-31 02:40:01

Security Bulletin: Vulnerability in OpenSSL affects IBM Chassis Management Module (CVE-2017-3735)

2019-01-31 02:40:01

redhatcve

CVE-2017-3735

2019-11-06 04:24:26

nessus

Fedora 27 : 1:compat-openssl10 (2017-512a6c5aae)

2018-01-15 00:00:00

EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2021-1221)

2021-02-04 00:00:00

Fedora 26 : 1:openssl (2017-dbec196dd8)

2017-11-29 00:00:00

osv

openssl - security update

2017-11-02 00:00:00

openssl - security update

2017-11-04 00:00:00

CVE-2017-3735

2017-08-28 19:29:01

K21462542 : OpenSSL vulnerability CVE-2017-3735

2017-10-13 00:00:00

debian

[SECURITY] [DLA-1157-1] openssl security update

2017-11-09 15:30:17

[SECURITY] [DSA 4017-1] openssl1.0 security update

2017-11-03 23:03:01

[SECURITY] [DSA 4018-1] openssl security update

2017-11-03 23:23:25

cve

CVE-2017-3735

2017-08-28 19:29:00

prion

Design/Logic Flaw

2017-08-28 19:29:00

openvas

OpenSSL 'OOB read' Security Bypass Vulnerability (Windows)

2017-08-31 00:00:00

OpenSSL 'OOB read' Security Bypass Vulnerability (Linux)

2017-08-31 00:00:00

Debian Security Advisory DSA 4018-1 (openssl - security update)

2017-11-04 00:00:00

aix

Vulnerability in OpenSSL affects AIX

2017-12-14 14:57:00

openssl

Vulnerability in OpenSSL CVE-2017-3735

2017-08-28 00:00:00

checkpoint_advisories

OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read (CVE-2017-3735)

2017-09-06 00:00:00

oraclelinux

openssl security update

2018-06-25 00:00:00

openssl security update

2018-11-06 00:00:00

openssl security, bug fix, and enhancement update

2018-11-05 00:00:00

veracode

Buffer Overread

2017-08-29 00:42:31

alpinelinux

CVE-2017-3735

2017-08-28 19:29:00

suse

Security update for openssl1 (important)

2017-11-10 09:18:31

Security update for openssl (important)

2017-11-10 18:14:09

Security update for openssl (important)

2018-01-16 18:08:42

ubuntucve

CVE-2017-3735

2017-08-28 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.2m-alt0.M80P.1

2017-11-07 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.2m-alt1

2017-11-04 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2m-alt1

2017-11-04 00:00:00

fedora

[SECURITY] Fedora 27 Update: compat-openssl10-1.0.2m-1.fc27

2017-11-15 18:00:30

[SECURITY] Fedora 26 Update: compat-openssl10-1.0.2m-1.fc26

2017-11-22 02:35:21

[SECURITY] Fedora 27 Update: openssl-1.1.0g-1.fc27

2017-11-21 23:39:13

archlinux

[ASA-201712-9] openssl-1.0: multiple issues

2017-12-16 00:00:00

[ASA-201711-15] lib32-openssl: multiple issues

2017-11-08 00:00:00

[ASA-201711-14] openssl: multiple issues

2017-11-07 00:00:00

ubuntu

OpenSSL vulnerabilities

2018-04-17 00:00:00

OpenSSL vulnerabilities

2017-11-06 00:00:00

nodejsblog

OpenSSL update, 1.0.2m

2017-10-30 00:00:00

freebsd

OpenSSL -- Multiple vulnerabilities

2017-11-02 00:00:00

FreeBSD -- OpenSSL multiple vulnerabilities

2017-11-29 00:00:00

symantec

SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017

2017-11-30 08:00:00

mageia

Updated openssl packages fix security vulnerabilities

2017-11-09 01:43:48

freebsd_advisory

FreeBSD-SA-17:11.openssl

2017-11-29 00:00:00

cloudfoundry

USN-3475-1: OpenSSL vulnerabilities | Cloud Foundry

2017-11-27 00:00:00

amazon

Medium: openssl

2018-12-05 23:20:00

Medium: openssl

2018-11-07 22:07:00

gentoo

OpenSSL: Multiple vulnerabilities

2017-12-14 00:00:00

redhat

(RHSA-2018:3221) Moderate: openssl security, bug fix, and enhancement update

2018-10-30 04:31:37

(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image

2018-11-06 15:39:03

centos

openssl security update

2018-11-15 18:50:49

ics

PHOENIX CONTACT FL SWITCH

2019-01-24 12:00:00

apple

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support

2020-07-27 08:21:38

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan

2017-12-06 00:00:00

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.5%

JSON

Related for DEBIANCVE:CVE-2017-3735