CVE-2017-3735

Source
Severity Low
Remote Yes
Type Denial of service
Description
A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.
Group Package Affected Fixed Severity Status Ticket
AVG-480 lib32-openssl-1.0 1.0.2.l-2 1.0.2.n-1 Medium Fixed
AVG-479 openssl-1.0 1.0.2.l-1 1.0.2.n-1 Medium Fixed
AVG-478 lib32-openssl 1:1.1.0.f-1 1:1.1.0.g-1 Medium Fixed
AVG-477 openssl 1.1.0.f-2 1.1.0.g-1 Medium Fixed
Date Advisory Group Package Severity Description
16 Dec 2017 ASA-201712-9 AVG-479 openssl-1.0 Medium multiple issues
17 Dec 2017 ASA-201712-11 AVG-480 lib32-openssl-1.0 Medium multiple issues
08 Nov 2017 ASA-201711-15 AVG-478 lib32-openssl Medium multiple issues
07 Nov 2017 ASA-201711-14 AVG-477 openssl Medium multiple issues
References
https://www.openssl.org/news/vulnerabilities.html#2017-3735
https://www.openssl.org/news/secadv/20170828.txt
https://github.com/openssl/openssl/commit/b23171744b01e473ebbfd6edad70c1c3825ffbcd