[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

114411

 
 

909

 
 

88812

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-3735Date: (C)2017-08-29   (M)2018-07-19


While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
BID-100515
SECTRACK-1039726
DSA-4017
DSA-4018
FreeBSD-SA-17:11
GLSA-201712-03
USN-3611-2
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://security.netapp.com/advisory/ntap-20170927-0001/
https://security.netapp.com/advisory/ntap-20171107-0002/
https://support.apple.com/HT208331
https://www.openssl.org/news/secadv/20170828.txt
https://www.openssl.org/news/secadv/20171102.txt
https://www.tenable.com/security/tns-2017-14
https://www.tenable.com/security/tns-2017-15

CPE    90
cpe:/a:openssl:openssl:0.9.8z
cpe:/a:openssl:openssl:0.9.8ze
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta3
...
CWE    1
CWE-119
OVAL    14
oval:org.secpod.oval:def:43036
oval:org.secpod.oval:def:703881
oval:org.secpod.oval:def:43056
oval:org.secpod.oval:def:1800292
...

© SecPod Technologies