UBUNTU-CVE-2017-3735
- Source
- https://ubuntu.com/security/CVE-2017-3735
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-3735.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-3735
- Upstream
- Downstream
- Related
- Published
- 2017-08-28T00:00:00Z
- Modified
- 2025-07-16T07:36:44.162939Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
- References
Affected packages
Ubuntu:14.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.23?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1f-1ubuntu2.23
Affected versions
1.*
1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libcrypto1.0.0-udeb",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libcrypto1.0.0-udeb-dbgsym",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl-dev",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl-dev-dbgsym",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl-doc",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl1.0.0-dbg",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl1.0.0-dbgsym",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl1.0.0-udeb",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "libssl1.0.0-udeb-dbgsym",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "openssl",
"binary_version": "1.0.1f-1ubuntu2.23"
},
{
"binary_name": "openssl-dbgsym",
"binary_version": "1.0.1f-1ubuntu2.23"
}
]
}
Ubuntu:16.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.9?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2g-1ubuntu4.9
Affected versions
1.*
1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libcrypto1.0.0-udeb",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libcrypto1.0.0-udeb-dbgsym",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl-dev",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl-dev-dbgsym",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl-doc",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl1.0.0-dbg",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl1.0.0-dbgsym",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl1.0.0-udeb",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "libssl1.0.0-udeb-dbgsym",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "openssl",
"binary_version": "1.0.2g-1ubuntu4.9"
},
{
"binary_name": "openssl-dbgsym",
"binary_version": "1.0.2g-1ubuntu4.9"
}
]
}
Ubuntu:18.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu14?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2g-1ubuntu14
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libcrypto1.0.0-udeb",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl-dev",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl-doc",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl1.0-dev",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl1.0.0-dbg",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "libssl1.0.0-udeb",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "openssl",
"binary_version": "1.0.2g-1ubuntu14"
},
{
"binary_name": "openssl-dbgsym",
"binary_version": "1.0.2g-1ubuntu14"
}
]
}
Ubuntu:18.04:LTS / openssl1.0
Package
- Name
- openssl1.0
- Purl
- pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2n-1ubuntu4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libcrypto1.0.0-udeb",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "libssl1.0-dev",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "libssl1.0.0",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "libssl1.0.0-dbgsym",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "libssl1.0.0-udeb",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "openssl1.0",
"binary_version": "1.0.2n-1ubuntu4"
},
{
"binary_name": "openssl1.0-dbgsym",
"binary_version": "1.0.2n-1ubuntu4"
}
]
}