CVE-2017-3735

Опубликовано: 28 авг. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/100515
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039726
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://security.gentoo.org/glsa/201712-03
https://security.netapp.com/advisory/ntap-20170927-0001/
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171107-0002/
Issue Tracking
Third Party Advisory
https://support.apple.com/HT208331
https://usn.ubuntu.com/3611-2/
https://www.debian.org/security/2017/dsa-4017
Third Party Advisory
https://www.debian.org/security/2017/dsa-4018
Third Party Advisory
https://www.openssl.org/news/secadv/20170828.txt
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.37446

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-3735

CVSS3: 5.3

ubuntu

почти 8 лет назад

CVE-2017-3735

CVSS3: 5.3

redhat

почти 8 лет назад

CVE-2017-3735

CVSS3: 5.3

debian

почти 8 лет назад

While parsing an IPAddressFamily extension in an X.509 certificate, it ...

SUSE-SU-2017:2981-1

suse-cvrf

больше 7 лет назад

Security update for openssl

SUSE-SU-2017:2968-1

suse-cvrf

больше 7 лет назад

Security update for openssl1

EPSS

Процентиль: 97%

0.37446

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119