5.3
CVE-2017-3735
- EPSS 17.7%
- Veröffentlicht 28.08.2017 19:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle openssl-security@openssl.org
- CVE-Watchlists
- Unerledigt
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.7% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2017-14
https://access.redhat.com/errata/RHSA-2018:3505
http://www.securityfocus.com/bid/100515
http://www.securitytracker.com/id/1039726
https://access.redhat.com/errata/RHSA-2018:3221
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://security.gentoo.org/glsa/201712-03
https://security.netapp.com/advisory/ntap-20170927-0001/
https://security.netapp.com/advisory/ntap-20171107-0002/
https://support.apple.com/HT208331
https://usn.ubuntu.com/3611-2/
https://www.debian.org/security/2017/dsa-4017
https://www.debian.org/security/2017/dsa-4018
https://www.openssl.org/news/secadv/20170828.txt
https://www.openssl.org/news/secadv/20171102.txt
https://www.tenable.com/security/tns-2017-15