While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html cve-icon cve-icon
http://www.securityfocus.com/bid/100515 cve-icon cve-icon
http://www.securitytracker.com/id/1039726 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:3221 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:3505 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf cve-icon cve-icon
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-3735 cve-icon
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc cve-icon cve-icon
https://security.gentoo.org/glsa/201712-03 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20170927-0001/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20171107-0002/ cve-icon cve-icon
https://support.apple.com/HT208331 cve-icon cve-icon
https://usn.ubuntu.com/3611-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-3735 cve-icon
https://www.debian.org/security/2017/dsa-4017 cve-icon cve-icon
https://www.debian.org/security/2017/dsa-4018 cve-icon cve-icon
https://www.openssl.org/news/secadv/20170828.txt cve-icon cve-icon cve-icon
https://www.openssl.org/news/secadv/20171102.txt cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html cve-icon cve-icon
https://www.tenable.com/security/tns-2017-14 cve-icon cve-icon
https://www.tenable.com/security/tns-2017-15 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2017-08-28T19:00:00Z

Updated: 2024-09-16T21:08:28.987Z

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-28T19:29:01.353

Modified: 2024-11-21T03:26:01.960

Link: CVE-2017-3735

cve-icon Redhat

Severity : Low

Publid Date: 2017-08-28T00:00:00Z

Links: CVE-2017-3735 - Bugzilla