[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108741

 
 

909

 
 

85475

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-3735Date: (C)2017-08-29   (M)2018-04-24


While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
BID-100515
SECTRACK-1039726
DSA-4017
DSA-4018
FreeBSD-SA-17:11
GLSA-201712-03
USN-3611-2
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://security.netapp.com/advisory/ntap-20170927-0001/
https://security.netapp.com/advisory/ntap-20171107-0002/
https://support.apple.com/HT208331
https://www.openssl.org/news/secadv/20170828.txt
https://www.openssl.org/news/secadv/20171102.txt
https://www.tenable.com/security/tns-2017-14
https://www.tenable.com/security/tns-2017-15

CPE    90
cpe:/a:openssl:openssl:0.9.8y
cpe:/a:openssl:openssl:0.9.8zb
cpe:/a:openssl:openssl:0.9.8za
cpe:/a:openssl:openssl:0.9.8zc
...
CWE    1
CWE-119
OVAL    14
oval:org.secpod.oval:def:1800292
oval:org.secpod.oval:def:113571
oval:org.secpod.oval:def:703881
oval:org.secpod.oval:def:603154
...

© SecPod Technologies