SSL: OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read

An out-of-bounds read vulnerability has been reported in OpenSSL. A remote attacker could exploit this vulnerability by sending a crafted certificate to a vulnerable server. Successful exploitation of this vulnerability could lead to denial-of-service conditions on the target server.

Extended Description

While parsing an IPAddressFamily extension in an X.509 certificate, a one-byte overread can occur. The result is an incorrect text display of the certificate. This bug has been present since 2006 and affects all versions of OpenSSL before 1.0.2m and 1.1.0g.

Affected Products

Openssl openssl

References

BugTraq: 100515

CVE: CVE-2017-3735

Short Name
SSL:VULN:SSL-CERT-OOB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
CVE-2017-3735 Extension IPAddressFamily OpenSSL Out-of-Bounds Parsing Read X.509 bid:100515
Release Date
09/12/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Openssl

Debian

CVSS Score

5.0
