CVE-2017-3735: Buffer Overflow

Published Aug 28, 2017
·
Updated

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.

External References:

https://www.openssl.org/news/secadv/20170828.txt

References:

https://github.com/openssl/openssl/pull/4276

Other sources

OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.

IBM

OpenSSL. An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking.

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Credit

found by OSS-Fuzz

Affected Software

110 affected componentsFixes available
redhat/openssl<1:1.0.2k-16.el7
1:1.0.2k-16.el7
redhat/openssl<1.0.2
1.0.2
redhat/openssl<1.1.0
1.1.0
Apple macOS High Sierra<10.13.2
10.13.2
Apple Sierra
Apple El Capitan
IBM Security Verify Governance<=10.0
OpenSSL OpenSSL=0.9.7j
OpenSSL OpenSSL=0.9.7k
OpenSSL OpenSSL=0.9.7l
OpenSSL OpenSSL=0.9.7m
OpenSSL OpenSSL=0.9.8
OpenSSL OpenSSL=0.9.8a
OpenSSL OpenSSL=0.9.8b
OpenSSL OpenSSL=0.9.8c
OpenSSL OpenSSL=0.9.8d
OpenSSL OpenSSL=0.9.8e
OpenSSL OpenSSL=0.9.8f
OpenSSL OpenSSL=0.9.8g
OpenSSL OpenSSL=0.9.8h
OpenSSL OpenSSL=0.9.8i
OpenSSL OpenSSL=0.9.8j
OpenSSL OpenSSL=0.9.8k
OpenSSL OpenSSL=0.9.8l
OpenSSL OpenSSL=0.9.8m
OpenSSL OpenSSL=0.9.8m-beta1
OpenSSL OpenSSL=0.9.8n
OpenSSL OpenSSL=0.9.8o
OpenSSL OpenSSL=0.9.8p
OpenSSL OpenSSL=0.9.8q
OpenSSL OpenSSL=0.9.8r
OpenSSL OpenSSL=0.9.8s
OpenSSL OpenSSL=0.9.8t
OpenSSL OpenSSL=0.9.8u
OpenSSL OpenSSL=0.9.8v
OpenSSL OpenSSL=0.9.8w
OpenSSL OpenSSL=0.9.8x
OpenSSL OpenSSL=0.9.8y
OpenSSL OpenSSL=0.9.8z
OpenSSL OpenSSL=0.9.8za
OpenSSL OpenSSL=0.9.8zb
OpenSSL OpenSSL=0.9.8zc
OpenSSL OpenSSL=0.9.8ze
OpenSSL OpenSSL=0.9.8zg
OpenSSL OpenSSL=1.0.0
OpenSSL OpenSSL=1.0.0-beta1
OpenSSL OpenSSL=1.0.0-beta2
OpenSSL OpenSSL=1.0.0-beta3
OpenSSL OpenSSL=1.0.0-beta4
OpenSSL OpenSSL=1.0.0-beta5
OpenSSL OpenSSL=1.0.0a
OpenSSL OpenSSL=1.0.0b
OpenSSL OpenSSL=1.0.0c
OpenSSL OpenSSL=1.0.0d
OpenSSL OpenSSL=1.0.0e
OpenSSL OpenSSL=1.0.0f
OpenSSL OpenSSL=1.0.0g
OpenSSL OpenSSL=1.0.0h
OpenSSL OpenSSL=1.0.0i
OpenSSL OpenSSL=1.0.0j
OpenSSL OpenSSL=1.0.0k
OpenSSL OpenSSL=1.0.0l
OpenSSL OpenSSL=1.0.0m
OpenSSL OpenSSL=1.0.0n
OpenSSL OpenSSL=1.0.0o
OpenSSL OpenSSL=1.0.0p
OpenSSL OpenSSL=1.0.0q
OpenSSL OpenSSL=1.0.0r
OpenSSL OpenSSL=1.0.0s
OpenSSL OpenSSL=1.0.1
OpenSSL OpenSSL=1.0.1-beta1
OpenSSL OpenSSL=1.0.1-beta2
OpenSSL OpenSSL=1.0.1-beta3
OpenSSL OpenSSL=1.0.1a
OpenSSL OpenSSL=1.0.1b
OpenSSL OpenSSL=1.0.1c
OpenSSL OpenSSL=1.0.1d
OpenSSL OpenSSL=1.0.1e
OpenSSL OpenSSL=1.0.1f
OpenSSL OpenSSL=1.0.1g
OpenSSL OpenSSL=1.0.1h
OpenSSL OpenSSL=1.0.1i
OpenSSL OpenSSL=1.0.1j
OpenSSL OpenSSL=1.0.1k
OpenSSL OpenSSL=1.0.1l
OpenSSL OpenSSL=1.0.2
OpenSSL OpenSSL=1.0.2-beta1
OpenSSL OpenSSL=1.0.2-beta2
OpenSSL OpenSSL=1.0.2-beta3
OpenSSL OpenSSL=1.0.2a
OpenSSL OpenSSL=1.0.2b
OpenSSL OpenSSL=1.0.2c
OpenSSL OpenSSL=1.0.2d
OpenSSL OpenSSL=1.0.2e
OpenSSL OpenSSL=1.0.2f
OpenSSL OpenSSL=1.0.2h
OpenSSL OpenSSL=1.0.2i
OpenSSL OpenSSL=1.0.2j
OpenSSL OpenSSL=1.0.2k
OpenSSL OpenSSL=1.0.2l
OpenSSL OpenSSL=1.1.0
OpenSSL OpenSSL=1.1.0a
OpenSSL OpenSSL=1.1.0b
OpenSSL OpenSSL=1.1.0c
OpenSSL OpenSSL=1.1.0d
OpenSSL OpenSSL=1.1.0e
OpenSSL OpenSSL=1.1.0f
Debian Debian Linux=8.0
Debian Debian Linux=9.0
debian/openssl
1.1.1w-0+deb11u11.1.1w-0+deb11u43.0.18-1~deb12u13.0.18-1~deb12u23.5.4-1~deb13u13.5.4-1~deb13u23.5.5-1

Remediation

Patch Available

https://www.openssl.org/news/secadv/20170828.txt

Event History

Aug 28, 2017
CVE Published
12:00 AM
CVE Published
via MITRE·07:00 PM
Data Sourced
via MITRE·07:00 PM
DescriptionWeakness
Data Sourced
via NVD·07:29 PM
RemedyDescriptionSeverityWeaknessAffected Software
Aug 29, 2017
Data Sourced
via Red Hat·07:31 AM
DescriptionSeverityAffected Software
Jan 11, 2024
Data Sourced
via Launchpad·10:37 PM
Description
Feb 21, 2026
Data Sourced
via Ubuntu·11:26 PM
RemedyDescriptionSeverityAffected Software
Data Sourced
via Debian·11:27 PM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2017-3735?

CVE-2017-3735 has a severity rating of moderate due to the potential for erroneous display of X.509 certificates.

2

How do I fix CVE-2017-3735?

To fix CVE-2017-3735, upgrade OpenSSL to version 1:1.0.2k-16.el7 or any version above this if available.

3

What software is affected by CVE-2017-3735?

CVE-2017-3735 affects various versions of OpenSSL, including 0.9.7 through 1.1.0, and certain products by IBM and Apple.

4

What impact does CVE-2017-3735 have on systems?

The impact of CVE-2017-3735 is mainly cosmetic, leading to potential misrepresentation of certificates without functional damage.

5

Is there a workaround for CVE-2017-3735?

There are no official workarounds for CVE-2017-3735 aside from applying the available software updates to mitigate the issue.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203