CVE-2017-3735: Buffer Overflow

First published: Mon Aug 28 2017(Updated: )

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. External References: <a href="https://www.openssl.org/news/secadv/20170828.txt">https://www.openssl.org/news/secadv/20170828.txt</a> References: <a href="https://github.com/openssl/openssl/pull/4276">https://github.com/openssl/openssl/pull/4276</a>

Credit: found by OSS-Fuzz openssl-security@openssl.org openssl-security@openssl.org

Affected Software	Affected Version	How to fix
redhat/openssl	<1:1.0.2k-16.el7	1:1.0.2k-16.el7
OpenSSL OpenSSL	=0.9.7j
OpenSSL OpenSSL	=0.9.7k
OpenSSL OpenSSL	=0.9.7l
OpenSSL OpenSSL	=0.9.7m
OpenSSL OpenSSL	=0.9.8
OpenSSL OpenSSL	=0.9.8a
OpenSSL OpenSSL	=0.9.8b
OpenSSL OpenSSL	=0.9.8c
OpenSSL OpenSSL	=0.9.8d
OpenSSL OpenSSL	=0.9.8e
OpenSSL OpenSSL	=0.9.8f
OpenSSL OpenSSL	=0.9.8g
OpenSSL OpenSSL	=0.9.8h
OpenSSL OpenSSL	=0.9.8i
OpenSSL OpenSSL	=0.9.8j
OpenSSL OpenSSL	=0.9.8k
OpenSSL OpenSSL	=0.9.8l
OpenSSL OpenSSL	=0.9.8m
OpenSSL OpenSSL	=0.9.8m-beta1
OpenSSL OpenSSL	=0.9.8n
OpenSSL OpenSSL	=0.9.8o
OpenSSL OpenSSL	=0.9.8p
OpenSSL OpenSSL	=0.9.8q
OpenSSL OpenSSL	=0.9.8r
OpenSSL OpenSSL	=0.9.8s
OpenSSL OpenSSL	=0.9.8t
OpenSSL OpenSSL	=0.9.8u
OpenSSL OpenSSL	=0.9.8v
OpenSSL OpenSSL	=0.9.8w
OpenSSL OpenSSL	=0.9.8x
OpenSSL OpenSSL	=0.9.8y
OpenSSL OpenSSL	=0.9.8z
OpenSSL OpenSSL	=0.9.8za
OpenSSL OpenSSL	=0.9.8zb
OpenSSL OpenSSL	=0.9.8zc
OpenSSL OpenSSL	=0.9.8ze
OpenSSL OpenSSL	=0.9.8zg
OpenSSL OpenSSL	=1.0.0
OpenSSL OpenSSL	=1.0.0-beta1
OpenSSL OpenSSL	=1.0.0-beta2
OpenSSL OpenSSL	=1.0.0-beta3
OpenSSL OpenSSL	=1.0.0-beta4
OpenSSL OpenSSL	=1.0.0-beta5
OpenSSL OpenSSL	=1.0.0a
OpenSSL OpenSSL	=1.0.0b
OpenSSL OpenSSL	=1.0.0c
OpenSSL OpenSSL	=1.0.0d
OpenSSL OpenSSL	=1.0.0e
OpenSSL OpenSSL	=1.0.0f
OpenSSL OpenSSL	=1.0.0g
OpenSSL OpenSSL	=1.0.0h
OpenSSL OpenSSL	=1.0.0i
OpenSSL OpenSSL	=1.0.0j
OpenSSL OpenSSL	=1.0.0k
OpenSSL OpenSSL	=1.0.0l
OpenSSL OpenSSL	=1.0.0m
OpenSSL OpenSSL	=1.0.0n
OpenSSL OpenSSL	=1.0.0o
OpenSSL OpenSSL	=1.0.0p
OpenSSL OpenSSL	=1.0.0q
OpenSSL OpenSSL	=1.0.0r
OpenSSL OpenSSL	=1.0.0s
OpenSSL OpenSSL	=1.0.1
OpenSSL OpenSSL	=1.0.1-beta1
OpenSSL OpenSSL	=1.0.1-beta2
OpenSSL OpenSSL	=1.0.1-beta3
OpenSSL OpenSSL	=1.0.1a
OpenSSL OpenSSL	=1.0.1b
OpenSSL OpenSSL	=1.0.1c
OpenSSL OpenSSL	=1.0.1d
OpenSSL OpenSSL	=1.0.1e
OpenSSL OpenSSL	=1.0.1f
OpenSSL OpenSSL	=1.0.1g
OpenSSL OpenSSL	=1.0.1h
OpenSSL OpenSSL	=1.0.1i
OpenSSL OpenSSL	=1.0.1j
OpenSSL OpenSSL	=1.0.1k
OpenSSL OpenSSL	=1.0.1l
OpenSSL OpenSSL	=1.0.2
OpenSSL OpenSSL	=1.0.2-beta1
OpenSSL OpenSSL	=1.0.2-beta2
OpenSSL OpenSSL	=1.0.2-beta3
OpenSSL OpenSSL	=1.0.2a
OpenSSL OpenSSL	=1.0.2b
OpenSSL OpenSSL	=1.0.2c
OpenSSL OpenSSL	=1.0.2d
OpenSSL OpenSSL	=1.0.2e
OpenSSL OpenSSL	=1.0.2f
OpenSSL OpenSSL	=1.0.2h
OpenSSL OpenSSL	=1.0.2i
OpenSSL OpenSSL	=1.0.2j
OpenSSL OpenSSL	=1.0.2k
OpenSSL OpenSSL	=1.0.2l
OpenSSL OpenSSL	=1.1.0
OpenSSL OpenSSL	=1.1.0a
OpenSSL OpenSSL	=1.1.0b
OpenSSL OpenSSL	=1.1.0c
OpenSSL OpenSSL	=1.1.0d
OpenSSL OpenSSL	=1.1.0e
OpenSSL OpenSSL	=1.1.0f
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Apple macOS High Sierra	<10.13.2	10.13.2
Apple Sierra
Apple El Capitan
redhat/openssl	<1.0.2	1.0.2
redhat/openssl	<1.1.0	1.1.0
IBM Security Verify Governance	<=10.0
debian/openssl		1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1

Remedy

https://www.openssl.org/news/secadv/20170828.txt

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/remedy
agent/weakness
agent/author
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-3735
collector/ibm-support
source/IBM
agent/event
agent/references
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/openssl
canonical/openssl openssl
version/openssl openssl/0.9.7j
version/openssl openssl/0.9.7k
version/openssl openssl/0.9.7l
version/openssl openssl/0.9.7m
version/openssl openssl/0.9.8
version/openssl openssl/0.9.8a
version/openssl openssl/0.9.8b
version/openssl openssl/0.9.8c
version/openssl openssl/0.9.8d
version/openssl openssl/0.9.8e
version/openssl openssl/0.9.8f
version/openssl openssl/0.9.8g
version/openssl openssl/0.9.8h
version/openssl openssl/0.9.8i
version/openssl openssl/0.9.8j
version/openssl openssl/0.9.8k
version/openssl openssl/0.9.8l
version/openssl openssl/0.9.8m
version/openssl openssl/0.9.8m-beta1
version/openssl openssl/0.9.8n
version/openssl openssl/0.9.8o
version/openssl openssl/0.9.8p
version/openssl openssl/0.9.8q
version/openssl openssl/0.9.8r
version/openssl openssl/0.9.8s
version/openssl openssl/0.9.8t
version/openssl openssl/0.9.8u
version/openssl openssl/0.9.8v
version/openssl openssl/0.9.8w
version/openssl openssl/0.9.8x
version/openssl openssl/0.9.8y
version/openssl openssl/0.9.8z
version/openssl openssl/0.9.8za
version/openssl openssl/0.9.8zb
version/openssl openssl/0.9.8zc
version/openssl openssl/0.9.8ze
version/openssl openssl/0.9.8zg
version/openssl openssl/1.0.0
version/openssl openssl/1.0.0-beta1
version/openssl openssl/1.0.0-beta2
version/openssl openssl/1.0.0-beta3
version/openssl openssl/1.0.0-beta4
version/openssl openssl/1.0.0-beta5
version/openssl openssl/1.0.0a
version/openssl openssl/1.0.0b
version/openssl openssl/1.0.0c
version/openssl openssl/1.0.0d
version/openssl openssl/1.0.0e
version/openssl openssl/1.0.0f
version/openssl openssl/1.0.0g
version/openssl openssl/1.0.0h
version/openssl openssl/1.0.0i
version/openssl openssl/1.0.0j
version/openssl openssl/1.0.0k
version/openssl openssl/1.0.0l
version/openssl openssl/1.0.0m
version/openssl openssl/1.0.0n
version/openssl openssl/1.0.0o
version/openssl openssl/1.0.0p
version/openssl openssl/1.0.0q
version/openssl openssl/1.0.0r
version/openssl openssl/1.0.0s
version/openssl openssl/1.0.1
version/openssl openssl/1.0.1-beta1
version/openssl openssl/1.0.1-beta2
version/openssl openssl/1.0.1-beta3
version/openssl openssl/1.0.1a
version/openssl openssl/1.0.1b
version/openssl openssl/1.0.1c
version/openssl openssl/1.0.1d
version/openssl openssl/1.0.1e
version/openssl openssl/1.0.1f
version/openssl openssl/1.0.1g
version/openssl openssl/1.0.1h
version/openssl openssl/1.0.1i
version/openssl openssl/1.0.1j
version/openssl openssl/1.0.1k
version/openssl openssl/1.0.1l
version/openssl openssl/1.0.2
version/openssl openssl/1.0.2-beta1
version/openssl openssl/1.0.2-beta2
version/openssl openssl/1.0.2-beta3
version/openssl openssl/1.0.2a
version/openssl openssl/1.0.2b
version/openssl openssl/1.0.2c
version/openssl openssl/1.0.2d
version/openssl openssl/1.0.2e
version/openssl openssl/1.0.2f
version/openssl openssl/1.0.2h
version/openssl openssl/1.0.2i
version/openssl openssl/1.0.2j
version/openssl openssl/1.0.2k
version/openssl openssl/1.0.2l
version/openssl openssl/1.1.0
version/openssl openssl/1.1.0a
version/openssl openssl/1.1.0b
version/openssl openssl/1.1.0c
version/openssl openssl/1.1.0d
version/openssl openssl/1.1.0e
version/openssl openssl/1.1.0f
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/apple
canonical/apple macos high sierra
canonical/apple sierra
canonical/apple el capitan
vendor/ibm
canonical/ibm security verify governance
version/ibm security verify governance/10.0
package-manager/debian

CVE-2017-3735: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Company

Resources

Contact