{"id":"CVE-2017-3735","details":"While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.","modified":"2026-04-16T01:39:53.370025448Z","published":"2017-08-28T19:29:01.353Z","related":["SUSE-FU-2022:0445-1","SUSE-SU-2017:2968-1","SUSE-SU-2017:2981-1","SUSE-SU-2017:3169-1","SUSE-SU-2018:0002-1","SUSE-SU-2018:0112-1","SUSE-SU-2018:0293-1","SUSE-SU-2019:14246-1","openSUSE-SU-2024:11126-1","openSUSE-SU-2024:11127-1"],"references":[{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"},{"type":"WEB","url":"https://support.apple.com/HT208331"},{"type":"WEB","url":"https://usn.ubuntu.com/3611-2/"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2017-15"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100515"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039726"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3221"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"type":"ADVISORY","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201712-03"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20170927-0001/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20171107-0002/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4017"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4018"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20170828.txt"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20171102.txt"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2017-14"},{"type":"REPORT","url":"https://security.netapp.com/advisory/ntap-20170927-0001/"},{"type":"REPORT","url":"https://security.netapp.com/advisory/ntap-20171107-0002/"},{"type":"REPORT","url":"https://www.openssl.org/news/secadv/20171102.txt"},{"type":"REPORT","url":"https://www.tenable.com/security/tns-2017-14"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"},{"type":"FIX","url":"https://www.openssl.org/news/secadv/20170828.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"0"},{"fixed":"068b963bb7afc57f5bdd723de0dd15e7795d5822"}]}],"versions":["BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_1_1_0","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_0a","OpenSSL_1_1_0b","OpenSSL_1_1_0c","OpenSSL_1_1_0d","OpenSSL_1_1_0e","OpenSSL_1_1_0f","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3735.json","vanir_signatures":[{"digest":{"function_hash":"208379985860684619268173937024277364981","length":257},"target":{"file":"crypto/x509v3/v3_addr.c","function":"X509v3_addr_get_afi"},"id":"CVE-2017-3735-2142274c","signature_version":"v1","deprecated":false,"source":"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822","signature_type":"Function"},{"source":"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822","id":"CVE-2017-3735-9d266ab3","target":{"file":"crypto/x509v3/v3_addr.c"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["7845397449413559425215778482047677846","207653610646830533992290501458377593330","174509823600981861032748115460464239886","192650640657398900158594109941984932058","211215256581144995289213155903521295219","192968340343454854111328050829945119022","279966053529557468968767575759043715403"]},"signature_type":"Line"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}