CVE-2017-3735
Summary
| CVE | CVE-2017-3735 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-08-28 19:29:00 UTC |
| Updated | 2022-12-13 12:15:00 UTC |
| Description | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Openssl | Openssl | 0.9.7j | All | All | All |
| Application | Openssl | Openssl | 0.9.7k | All | All | All |
| Application | Openssl | Openssl | 0.9.7l | All | All | All |
| Application | Openssl | Openssl | 0.9.7m | All | All | All |
| Application | Openssl | Openssl | 0.9.8 | All | All | All |
| Application | Openssl | Openssl | 0.9.8a | All | All | All |
| Application | Openssl | Openssl | 0.9.8b | All | All | All |
| Application | Openssl | Openssl | 0.9.8c | All | All | All |
| Application | Openssl | Openssl | 0.9.8d | All | All | All |
| Application | Openssl | Openssl | 0.9.8e | All | All | All |
| Application | Openssl | Openssl | 0.9.8f | All | All | All |
| Application | Openssl | Openssl | 0.9.8g | All | All | All |
| Application | Openssl | Openssl | 0.9.8h | All | All | All |
| Application | Openssl | Openssl | 0.9.8i | All | All | All |
| Application | Openssl | Openssl | 0.9.8j | All | All | All |
| Application | Openssl | Openssl | 0.9.8k | All | All | All |
| Application | Openssl | Openssl | 0.9.8l | All | All | All |
| Application | Openssl | Openssl | 0.9.8m | All | All | All |
| Application | Openssl | Openssl | 0.9.8m | beta1 | All | All |
| Application | Openssl | Openssl | 0.9.8n | All | All | All |
| Application | Openssl | Openssl | 0.9.8o | All | All | All |
| Application | Openssl | Openssl | 0.9.8p | All | All | All |
| Application | Openssl | Openssl | 0.9.8q | All | All | All |
| Application | Openssl | Openssl | 0.9.8r | All | All | All |
| Application | Openssl | Openssl | 0.9.8s | All | All | All |
| Application | Openssl | Openssl | 0.9.8t | All | All | All |
| Application | Openssl | Openssl | 0.9.8u | All | All | All |
| Application | Openssl | Openssl | 0.9.8v | All | All | All |
| Application | Openssl | Openssl | 0.9.8w | All | All | All |
| Application | Openssl | Openssl | 0.9.8x | All | All | All |
| Application | Openssl | Openssl | 0.9.8y | All | All | All |
| Application | Openssl | Openssl | 0.9.8z | All | All | All |
| Application | Openssl | Openssl | 0.9.8za | All | All | All |
| Application | Openssl | Openssl | 0.9.8zb | All | All | All |
| Application | Openssl | Openssl | 0.9.8zc | All | All | All |
| Application | Openssl | Openssl | 0.9.8ze | All | All | All |
| Application | Openssl | Openssl | 0.9.8zg | All | All | All |
| Application | Openssl | Openssl | 1.0.0 | All | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta4 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta5 | All | All |
| Application | Openssl | Openssl | 1.0.0a | All | All | All |
| Application | Openssl | Openssl | 1.0.0b | All | All | All |
| Application | Openssl | Openssl | 1.0.0c | All | All | All |
| Application | Openssl | Openssl | 1.0.0d | All | All | All |
| Application | Openssl | Openssl | 1.0.0e | All | All | All |
| Application | Openssl | Openssl | 1.0.0f | All | All | All |
| Application | Openssl | Openssl | 1.0.0g | All | All | All |
| Application | Openssl | Openssl | 1.0.0h | All | All | All |
| Application | Openssl | Openssl | 1.0.0i | All | All | All |
| Application | Openssl | Openssl | 1.0.0j | All | All | All |
| Application | Openssl | Openssl | 1.0.0k | All | All | All |
| Application | Openssl | Openssl | 1.0.0l | All | All | All |
| Application | Openssl | Openssl | 1.0.0m | All | All | All |
| Application | Openssl | Openssl | 1.0.0n | All | All | All |
| Application | Openssl | Openssl | 1.0.0o | All | All | All |
| Application | Openssl | Openssl | 1.0.0p | All | All | All |
| Application | Openssl | Openssl | 1.0.0q | All | All | All |
| Application | Openssl | Openssl | 1.0.0r | All | All | All |
| Application | Openssl | Openssl | 1.0.0s | All | All | All |
| Application | Openssl | Openssl | 1.0.1 | All | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.1a | All | All | All |
| Application | Openssl | Openssl | 1.0.1b | All | All | All |
| Application | Openssl | Openssl | 1.0.1c | All | All | All |
| Application | Openssl | Openssl | 1.0.1d | All | All | All |
| Application | Openssl | Openssl | 1.0.1e | All | All | All |
| Application | Openssl | Openssl | 1.0.1f | All | All | All |
| Application | Openssl | Openssl | 1.0.1g | All | All | All |
| Application | Openssl | Openssl | 1.0.1h | All | All | All |
| Application | Openssl | Openssl | 1.0.1i | All | All | All |
| Application | Openssl | Openssl | 1.0.1j | All | All | All |
| Application | Openssl | Openssl | 1.0.1k | All | All | All |
| Application | Openssl | Openssl | 1.0.1l | All | All | All |
| Application | Openssl | Openssl | 1.0.2 | All | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.2a | All | All | All |
| Application | Openssl | Openssl | 1.0.2b | All | All | All |
| Application | Openssl | Openssl | 1.0.2c | All | All | All |
| Application | Openssl | Openssl | 1.0.2d | All | All | All |
| Application | Openssl | Openssl | 1.0.2e | All | All | All |
| Application | Openssl | Openssl | 1.0.2f | All | All | All |
| Application | Openssl | Openssl | 1.0.2h | All | All | All |
| Application | Openssl | Openssl | 1.0.2i | All | All | All |
| Application | Openssl | Openssl | 1.0.2j | All | All | All |
| Application | Openssl | Openssl | 1.0.2k | All | All | All |
| Application | Openssl | Openssl | 1.0.2l | All | All | All |
| Application | Openssl | Openssl | 1.1.0 | All | All | All |
| Application | Openssl | Openssl | 1.1.0a | All | All | All |
| Application | Openssl | Openssl | 1.1.0b | All | All | All |
| Application | Openssl | Openssl | 1.1.0c | All | All | All |
| Application | Openssl | Openssl | 1.1.0d | All | All | All |
| Application | Openssl | Openssl | 1.1.0e | All | All | All |
| Application | Openssl | Openssl | 1.1.0f | All | All | All |
| Application | Openssl | Openssl | 0.9.7j | All | All | All |
| Application | Openssl | Openssl | 0.9.7k | All | All | All |
| Application | Openssl | Openssl | 0.9.7l | All | All | All |
| Application | Openssl | Openssl | 0.9.7m | All | All | All |
| Application | Openssl | Openssl | 0.9.8 | All | All | All |
| Application | Openssl | Openssl | 0.9.8a | All | All | All |
| Application | Openssl | Openssl | 0.9.8b | All | All | All |
| Application | Openssl | Openssl | 0.9.8c | All | All | All |
| Application | Openssl | Openssl | 0.9.8d | All | All | All |
| Application | Openssl | Openssl | 0.9.8e | All | All | All |
| Application | Openssl | Openssl | 0.9.8f | All | All | All |
| Application | Openssl | Openssl | 0.9.8g | All | All | All |
| Application | Openssl | Openssl | 0.9.8h | All | All | All |
| Application | Openssl | Openssl | 0.9.8i | All | All | All |
| Application | Openssl | Openssl | 0.9.8j | All | All | All |
| Application | Openssl | Openssl | 0.9.8k | All | All | All |
| Application | Openssl | Openssl | 0.9.8l | All | All | All |
| Application | Openssl | Openssl | 0.9.8m | All | All | All |
| Application | Openssl | Openssl | 0.9.8m | beta1 | All | All |
| Application | Openssl | Openssl | 0.9.8n | All | All | All |
| Application | Openssl | Openssl | 0.9.8o | All | All | All |
| Application | Openssl | Openssl | 0.9.8p | All | All | All |
| Application | Openssl | Openssl | 0.9.8q | All | All | All |
| Application | Openssl | Openssl | 0.9.8r | All | All | All |
| Application | Openssl | Openssl | 0.9.8s | All | All | All |
| Application | Openssl | Openssl | 0.9.8t | All | All | All |
| Application | Openssl | Openssl | 0.9.8u | All | All | All |
| Application | Openssl | Openssl | 0.9.8v | All | All | All |
| Application | Openssl | Openssl | 0.9.8w | All | All | All |
| Application | Openssl | Openssl | 0.9.8x | All | All | All |
| Application | Openssl | Openssl | 0.9.8y | All | All | All |
| Application | Openssl | Openssl | 0.9.8z | All | All | All |
| Application | Openssl | Openssl | 0.9.8za | All | All | All |
| Application | Openssl | Openssl | 0.9.8zb | All | All | All |
| Application | Openssl | Openssl | 0.9.8zc | All | All | All |
| Application | Openssl | Openssl | 0.9.8ze | All | All | All |
| Application | Openssl | Openssl | 0.9.8zg | All | All | All |
| Application | Openssl | Openssl | 1.0.0 | All | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta4 | All | All |
| Application | Openssl | Openssl | 1.0.0 | beta5 | All | All |
| Application | Openssl | Openssl | 1.0.0a | All | All | All |
| Application | Openssl | Openssl | 1.0.0b | All | All | All |
| Application | Openssl | Openssl | 1.0.0c | All | All | All |
| Application | Openssl | Openssl | 1.0.0d | All | All | All |
| Application | Openssl | Openssl | 1.0.0e | All | All | All |
| Application | Openssl | Openssl | 1.0.0f | All | All | All |
| Application | Openssl | Openssl | 1.0.0g | All | All | All |
| Application | Openssl | Openssl | 1.0.0h | All | All | All |
| Application | Openssl | Openssl | 1.0.0i | All | All | All |
| Application | Openssl | Openssl | 1.0.0j | All | All | All |
| Application | Openssl | Openssl | 1.0.0k | All | All | All |
| Application | Openssl | Openssl | 1.0.0l | All | All | All |
| Application | Openssl | Openssl | 1.0.0m | All | All | All |
| Application | Openssl | Openssl | 1.0.0n | All | All | All |
| Application | Openssl | Openssl | 1.0.0o | All | All | All |
| Application | Openssl | Openssl | 1.0.0p | All | All | All |
| Application | Openssl | Openssl | 1.0.0q | All | All | All |
| Application | Openssl | Openssl | 1.0.0r | All | All | All |
| Application | Openssl | Openssl | 1.0.0s | All | All | All |
| Application | Openssl | Openssl | 1.0.1 | All | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.1 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.1a | All | All | All |
| Application | Openssl | Openssl | 1.0.1b | All | All | All |
| Application | Openssl | Openssl | 1.0.1c | All | All | All |
| Application | Openssl | Openssl | 1.0.1d | All | All | All |
| Application | Openssl | Openssl | 1.0.1e | All | All | All |
| Application | Openssl | Openssl | 1.0.1f | All | All | All |
| Application | Openssl | Openssl | 1.0.1g | All | All | All |
| Application | Openssl | Openssl | 1.0.1h | All | All | All |
| Application | Openssl | Openssl | 1.0.1i | All | All | All |
| Application | Openssl | Openssl | 1.0.1j | All | All | All |
| Application | Openssl | Openssl | 1.0.1k | All | All | All |
| Application | Openssl | Openssl | 1.0.1l | All | All | All |
| Application | Openssl | Openssl | 1.0.2 | All | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta1 | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta2 | All | All |
| Application | Openssl | Openssl | 1.0.2 | beta3 | All | All |
| Application | Openssl | Openssl | 1.0.2a | All | All | All |
| Application | Openssl | Openssl | 1.0.2b | All | All | All |
| Application | Openssl | Openssl | 1.0.2c | All | All | All |
| Application | Openssl | Openssl | 1.0.2d | All | All | All |
| Application | Openssl | Openssl | 1.0.2e | All | All | All |
| Application | Openssl | Openssl | 1.0.2f | All | All | All |
| Application | Openssl | Openssl | 1.0.2h | All | All | All |
| Application | Openssl | Openssl | 1.0.2i | All | All | All |
| Application | Openssl | Openssl | 1.0.2j | All | All | All |
| Application | Openssl | Openssl | 1.0.2k | All | All | All |
| Application | Openssl | Openssl | 1.0.2l | All | All | All |
| Application | Openssl | Openssl | 1.1.0 | All | All | All |
| Application | Openssl | Openssl | 1.1.0a | All | All | All |
| Application | Openssl | Openssl | 1.1.0b | All | All | All |
| Application | Openssl | Openssl | 1.1.0c | All | All | All |
| Application | Openssl | Openssl | 1.1.0d | All | All | All |
| Application | Openssl | Openssl | 1.1.0e | All | All | All |
| Application | Openssl | Openssl | 1.1.0f | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenSSL: Multiple vulnerabilities (GLSA 201712-03) — Gentoo security | GENTOO | security.gentoo.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| OpenSSL CVE-2017-3735 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| www.openssl.org/news/secadv/20171102.txt | CONFIRM | www.openssl.org | Issue Tracking, Vendor Advisory |
| Oracle Critical Patch Update - January 2018 | CONFIRM | www.oracle.com | |
| OpenSSLX.509 IPAddressFamily Buffer Overread Lets Remote Users Cause Certificate Text to Be Displayed Incorrectly - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CPU July 2018 | CONFIRM | www.oracle.com | |
| Oracle Critical Patch Update - April 2018 | CONFIRM | www.oracle.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| USN-3611-2: OpenSSL vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Oracle Critical Patch Update - January 2019 | CONFIRM | www.oracle.com | |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | |
| FreeBSD-SA-17:11 | FREEBSD | security.FreeBSD.org | |
| About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support | CONFIRM | support.apple.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | CONFIRM | cert-portal.siemens.com | |
| Debian -- Security Information -- DSA-4018-1 openssl | DEBIAN | www.debian.org | Third Party Advisory |
| Debian -- Security Information -- DSA-4017-1 openssl1.0 | DEBIAN | www.debian.org | Third Party Advisory |
| CPU Oct 2018 | CONFIRM | www.oracle.com | |
| CVE-2017-3736 OpenSSL Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Issue Tracking, Third Party Advisory |
| [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| www.openssl.org/news/secadv/20170828.txt | CONFIRM | www.openssl.org | Patch, Vendor Advisory |
| Avoid out-of-bounds read · openssl/openssl@068b963 · GitHub | MISC | github.com | |
| CVE-2017-3735 OpenSSL Vulnerability in Multiple NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Issue Tracking, Third Party Advisory |
| [R1]SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable™ | CONFIRM | www.tenable.com | Issue Tracking, Third Party Advisory |
| [SECURITY] [DLA-1157-1] openssl security update | MLIST | lists.debian.org | |
| Oracle Critical Patch Update Advisory - April 2019 | MISC | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 330104 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Denial of Service (DoS) Vulnerability (openssl_advisory35)
- 590572 PHOENIX CONTACT FL SWITCH Multiple Vulnerabilities (ICSA-19-024-02)
- 591280 Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 591350 General Electric D20MX Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (PRSN-0006)
- 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
- 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
- 671109 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2019-2509)
- 710507 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 201712-03)