Medium severity5.3NVD Advisory· Published Aug 28, 2017· Updated Jun 17, 2026
CVE-2017-3735
CVE-2017-3735
Description
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
137cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*+ 100 more
- cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*
- (no CPE)range: 1.1.0
- osv-coords34 versionspkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweedpkg:rpm/suse/firefox-atk&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-cairo&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-gdk-pixbuf&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-glib2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-harfbuzz&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-libffi&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-libffi-gcc5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/firefox-pango&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/nodejs4&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/nodejs4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs6&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/nodejs6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs6&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITYpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/openssl&distro=SUSE%20OpenStack%20Cloud%206
< 1.0.2u-6.2+ 33 more
- (no CPE)range: < 1.0.2u-6.2
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 2.26.1-2.8.4
- (no CPE)range: < 1.15.10-2.13.4
- (no CPE)range: < 2.36.11-2.8.4
- (no CPE)range: < 2.54.3-2.14.7
- (no CPE)range: < 3.10.9-2.15.3
- (no CPE)range: < 1.7.5-2.7.4
- (no CPE)range: < 3.2.1.git259-2.3.3
- (no CPE)range: < 5.3.1+r233831-14.1
- (no CPE)range: < 1.40.14-2.7.4
- (no CPE)range: < 68-21.9.8
- (no CPE)range: < 68.2.0-78.51.4
- (no CPE)range: < 4.21-29.6.1
- (no CPE)range: < 3.45-38.9.3
- (no CPE)range: < 4.8.7-15.8.1
- (no CPE)range: < 4.8.7-15.8.1
- (no CPE)range: < 6.12.2-11.8.1
- (no CPE)range: < 6.12.2-11.8.1
- (no CPE)range: < 6.12.2-11.8.1
- (no CPE)range: < 1.0.1g-0.58.3.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.1i-54.8.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.1i-27.28.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.1i-54.8.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.2j-60.16.1
- (no CPE)range: < 1.0.1i-54.8.1
Patches
Vulnerability mechanics
References
27- www.openssl.org/news/secadv/20170828.txtnvdPatchVendor Advisory
- www.securityfocus.com/bid/100515nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039726nvdThird Party AdvisoryVDB Entry
- security.netapp.com/advisory/ntap-20170927-0001/nvdIssue TrackingThird Party Advisory
- security.netapp.com/advisory/ntap-20171107-0002/nvdIssue TrackingThird Party Advisory
- www.debian.org/security/2017/dsa-4017nvdThird Party Advisory
- www.debian.org/security/2017/dsa-4018nvdThird Party Advisory
- www.openssl.org/news/secadv/20171102.txtnvdIssue TrackingVendor Advisory
- www.tenable.com/security/tns-2017-14nvdIssue TrackingThird Party Advisory
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
- access.redhat.com/errata/RHSA-2018:3221nvd
- access.redhat.com/errata/RHSA-2018:3505nvd
- cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfnvd
- github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822nvd
- lists.debian.org/debian-lts-announce/2017/11/msg00011.htmlnvd
- security.freebsd.org/advisories/FreeBSD-SA-17:11.openssl.ascnvd
- security.gentoo.org/glsa/201712-03nvd
- support.apple.com/HT208331nvd
- usn.ubuntu.com/3611-2/nvd
- www.oracle.com//security-alerts/cpujul2021.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvd
- www.tenable.com/security/tns-2017-15nvd
News mentions
0No linked articles in our index yet.