CVE-2017-3735

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/100515	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039726	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://security.gentoo.org/glsa/201712-03
https://security.netapp.com/advisory/ntap-20170927-0001/	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20171107-0002/	Issue Tracking Third Party Advisory
https://support.apple.com/HT208331
https://usn.ubuntu.com/3611-2/
https://www.debian.org/security/2017/dsa-4017	Third Party Advisory
https://www.debian.org/security/2017/dsa-4018	Third Party Advisory
https://www.openssl.org/news/secadv/20170828.txt	Patch Vendor Advisory
https://www.openssl.org/news/secadv/20171102.txt	Issue Tracking Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2017-14	Issue Tracking Third Party Advisory
https://www.tenable.com/security/tns-2017-15
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/100515	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039726	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
https://security.gentoo.org/glsa/201712-03
https://security.netapp.com/advisory/ntap-20170927-0001/	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20171107-0002/	Issue Tracking Third Party Advisory
https://support.apple.com/HT208331
https://usn.ubuntu.com/3611-2/
https://www.debian.org/security/2017/dsa-4017	Third Party Advisory
https://www.debian.org/security/2017/dsa-4018	Third Party Advisory
https://www.openssl.org/news/secadv/20170828.txt	Patch Vendor Advisory
https://www.openssl.org/news/secadv/20171102.txt	Issue Tracking Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2017-14	Issue Tracking Third Party Advisory
https://www.tenable.com/security/tns-2017-15

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
	cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8z:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8za:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8zb:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8zc:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8ze:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8zg:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0l:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0m:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0n:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0o:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0p:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0q:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0r:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0s:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
cpe:2.3:a:openssl:openssl:1.0.1i:::::::*
cpe:2.3:a:openssl:openssl:1.0.1j:::::::*
cpe:2.3:a:openssl:openssl:1.0.1k:::::::*
cpe:2.3:a:openssl:openssl:1.0.1l:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:::::::*
cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.2:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.2:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.2a:::::::*
cpe:2.3:a:openssl:openssl:1.0.2b:::::::*
cpe:2.3:a:openssl:openssl:1.0.2c:::::::*
cpe:2.3:a:openssl:openssl:1.0.2d:::::::*
cpe:2.3:a:openssl:openssl:1.0.2e:::::::*
cpe:2.3:a:openssl:openssl:1.0.2f:::::::*
cpe:2.3:a:openssl:openssl:1.0.2h:::::::*
cpe:2.3:a:openssl:openssl:1.0.2i:::::::*
cpe:2.3:a:openssl:openssl:1.0.2j:::::::*
cpe:2.3:a:openssl:openssl:1.0.2k:::::::*
cpe:2.3:a:openssl:openssl:1.0.2l:::::::*
cpe:2.3:a:openssl:openssl:1.1.0:::::::*
cpe:2.3:a:openssl:openssl:1.1.0a:::::::*
cpe:2.3:a:openssl:openssl:1.1.0b:::::::*
cpe:2.3:a:openssl:openssl:1.1.0c:::::::*
cpe:2.3:a:openssl:openssl:1.1.0d:::::::*
cpe:2.3:a:openssl:openssl:1.1.0e:::::::*
cpe:2.3:a:openssl:openssl:1.1.0f:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

History

21 Nov 2024, 03:26

Information

Published : 2017-08-28 19:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-3735

Mitre link : CVE-2017-3735

CVE.ORG link : CVE-2017-3735

JSON object : View

Products Affected

openssl

openssl

debian

debian_linux

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-3735", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2017-08-28T19:29:01.353", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "source": "openssl-security@openssl.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "openssl-security@openssl.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "source": "openssl-security@openssl.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "openssl-security@openssl.org"}, {"url": "http://www.securityfocus.com/bid/100515", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securitytracker.com/id/1039726", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3221", "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3505", "source": "openssl-security@openssl.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", "source": "openssl-security@openssl.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html", "source": "openssl-security@openssl.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc", "source": "openssl-security@openssl.org"}, {"url": "https://security.gentoo.org/glsa/201712-03", "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20170927-0001/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20171107-0002/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://support.apple.com/HT208331", "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3611-2/", "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2017/dsa-4017", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2017/dsa-4018", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20170828.txt", "tags": ["Patch", "Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20171102.txt", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2017-14", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2017-15", "source": "openssl-security@openssl.org"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/100515", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039726", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3221", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3505", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201712-03", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20170927-0001/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20171107-0002/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT208331", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3611-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2017/dsa-4017", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2017/dsa-4018", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openssl.org/news/secadv/20170828.txt", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openssl.org/news/secadv/20171102.txt", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/tns-2017-14", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/tns-2017-15", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."}, {"lang": "es", "value": "Al analizar una extensi\u00f3n IPAddressFamily en un certificado X.509, es posible realizar una sobrelectura de un bit. Esto tendr\u00eda como resultado que el texto del certificado se muestre de forma incorrecta. Este error ha existido desde 2006 y est\u00e1 presente en todas las versiones de OpenSSL anteriores a la 1.0.2m y 1.1.0g."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AEBE689-3952-46F0-BACA-BB03041C6D36"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499E52F3-4B34-4C47-8ABF-292928EBAA5F"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D530BE19-ADCF-4B5C-99E0-2B9A1DE7717F"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7540155-3629-4C76-9C67-8A8E0C1067F1"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419BBCCD-6F8A-418A-BA02-56267B11D948"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A3A2AF8-C7DD-43D0-B03F-37E7EB735C1D"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC142ACF-3CBD-4F96-B2AA-C7D48E7CF31E"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B4D332-3CB7-4C57-A689-ED0894659ED9"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB130295-F27C-45DD-80F6-BE4BB0931C0B"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFA6F5C9-9EE6-40FA-AA99-B4C7274BE8EA"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6626FDA4-82B2-412E-8282-7031E53F020B"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63DB3BC8-C87B-4937-BB97-4BE7BCF525CB"}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ACAA671-BDC0-42F4-9AB5-CF19F50AF101"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132B9217-B0E0-4E3E-9096-162AA28E158E"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7619F9A0-9054-4217-93D1-3EA64876C5B0"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D82C405-17E2-4DF1-8DF5-315BD5A41595"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C96806F-4718-4BD3-9102-55A26AA86498"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A16CD99-AF7F-4931-AD2E-77727BA18FBD"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88440697-754A-47A7-BF83-4D0EB68FFB10"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD51F0FC-F426-4AE5-B3B9-B813C580EBAE"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38721148-F24A-4339-8282-BC2DD9553512"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48CE49C8-0672-46A0-BCD0-C0E62801444E"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0C6812-F455-49CF-B29B-9AC00306DA43"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3703E445-17C0-4C85-A496-A35641C0C8DB"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABEC1927-F469-4B9E-B544-DA6CF90F0B34"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E15B749E-6808-4788-AE42-7A1587D8697E"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F80C8D-BCA2-40AD-BD22-B70C7BE1B298"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70B78EDF-6BB7-42C4-9423-9332C62C6E43"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73104834-5810-48DD-9B97-549D223853F1"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9D7A18A-116B-4F68-BEA3-A4E9DDDA55C6"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC70262-0DCD-4B46-9C96-FD18D0207511"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E07A34-08A0-4765-AF81-46A3BDC5648A"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B0A3D8-60C7-4F42-9DD6-C535F983D98B"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD08E859-BB6D-4909-A873-C2609FA2821A"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2BF7D67-EAF4-4D01-9185-0DB69F2C543B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2017-3735

5.3^/10

5.0^/10

Attach tags to `CVE-2017-3735`