Updated: 2026-02-27 02:51:10.642935
Description:
While parsing an IPAddressFamily extension (RFC 3779) in an X.509 certificate, OpenSSL can perform a one-byte out-of-bounds read. The effect is an incorrect text display of the certificate. This bug has been present since 2006 and affects all versions of OpenSSL before 1.0.2m and 1.1.0g.
Links: NIST, CIRCL, RHEL, Ubuntu
| Metric | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | openssl | 1.0.1e | 5.3 | MEDIUM | Released | CLSA-2021:1632262317 | 2022-05-05 12:36:28 | |
| CloudLinux 6 ELS | openssl | 1.0.1e | 5.3 | MEDIUM | Released | | 2021-11-02 14:03:17 | |
| Oracle Linux 6 ELS | openssl | 1.0.1e | 5.3 | MEDIUM | Not Vulnerable | | 2021-11-02 14:03:17 | CVE-2017-3735 is only reachable when OpenSSL processes the optional RFC 3779 IPAddressFamily X.509 e... |
| Ubuntu 16.04 ELS | openssl | 1.0.2g-1 | 5.3 | MEDIUM | Not Vulnerable | | 2021-11-02 14:03:17 | CVE-2017-3735 only triggers when OpenSSL parses an X.509 certificate that includes the optional RFC ... |