CVE-2017-3735
published 2017-08-28CVE-2017-3735: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of…
PriorityP336medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EPSS
17.70%
96.8th percentile
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Affected
100 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.2_security_update_2017-002_sierra_and_security_update_20 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.0g-1 (bookworm) | openssl 1.1.0g-1 (bookworm) |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
vendor_ubuntu5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
CODESYS in Festo Automation Suite
cisa_ics·2026-03-17
CODESYS in Festo Automation Suite
ICS Advisory
##
CODESYS in Festo Automation Suite
Release DateMarch 17, 2026
Alert CodeICSA-26-076-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
3. TECHNICAL DETAILS
The following versions of CODESYS in Festo Automation Suite are affected:
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation Suite (versions prior to 2.8.0.138) installed with CODESYS Software CODESYS Development System (3.5.16.10) vers:all/*
- FESTO Software Festo Automation Suite (2.8.0.137) installed with CODESYS Software CODESYS Development System (3.0) vers:all/*
- FESTO Software Festo Automation
CISA ICS
Festo Controller CECC-S,-LK,-D Family Firmware (Update A)
cisa_ics·2025-11-13
Festo Controller CECC-S,-LK,-D Family Firmware (Update A)
ICS Advisory
##
Festo Controller CECC-S,-LK,-D Family Firmware (Update A)
Last RevisedNovember 13, 2025
Alert CodeICSA-25-273-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Festo
- Equipment: Controller CECC-S,-LK,-D Family Firmware
- Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory afte
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
CISA ICS
PHOENIX CONTACT FL SWITCH
cisa_ics·2019-01-24·CVSS 8.6
[HIGH] PHOENIX CONTACT FL SWITCH
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
PHOENIX CONTACT FL SWITCH
Last RevisedJanuary 24, 2019
Alert CodeICSA-19-024-02
## 1. EXECUTIVE SUMMARY
-
CVSS v3 8.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: PHOENIX CONTACT
- Equipment: FL SWITCH
- Vulnerabilities: Cross-site Request Forgery, Improper Restriction of Excessive Authentication Attempts, Cleartext Transmission of Sensitive Information, Resource Exhaustion, Incorrectly Specified Destination in a Communication Channel, Insecure Storage of Sensitive Information, and Memory Corruption
## 2. RISK EVALUATION
Successful exploitation of
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2018-04-17·CVSS 5.3
CVE-2017-3735 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
USN-3611-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that OpenSSL incorrectly parsed the IPAddressFamily
extension in X.509 certificates, resulting in an erroneous display of the
certificate in text format. (CVE-2017-3735)
It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2018-0739)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Apple
CVE-2017-3735: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
vendor_apple·2017-12-06·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
Product: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
CVE: CVE-2017-3735
Component: OpenSSL
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking.
BSD
FreeBSD-SA-17:11.openssl: OpenSSL multiple vulnerabilities
bsd_advisories·2017-11-29·CVSS 5.3
CVE-2017-3735 [MEDIUM] FreeBSD-SA-17:11.openssl: OpenSSL multiple vulnerabilities
FreeBSD-SA-17:11.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2017-11-29
Affects: All supported versions of FreeBSD.
Corrected: 2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE)
2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5)
2017-11-29 05:59:12 UTC (releng/11.0, 11.0-RELEASE-p16)
2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE)
2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4)
2017-11-29 05:59:50 UTC (releng/10.3, 10.3-RELEASE-p25)
CVE Name: CVE-2017-3735, CVE-2017-3736
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes software from the Open
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2017-11-06·CVSS 5.3
CVE-2017-3735 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
It was discovered that OpenSSL incorrectly parsed the IPAddressFamily
extension in X.509 certificates, resulting in an erroneous display of the
certificate in text format. (CVE-2017-3735)
It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery
squaring procedure. While unlikely, a remote attacker could possibly use
this issue to recover private keys. This issue only applied to Ubuntu 16.04
LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
openssl: Malformed X.509 IPAdressFamily could cause OOB read
vendor_redhat·2017-08-28·CVSS 5.3
CVE-2017-3735 [MEDIUM] CWE-125 openssl: Malformed X.509 IPAdressFamily could cause OOB read
openssl: Malformed X.509 IPAdressFamily could cause OOB read
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Statement: This flaw only exhibits itself when:
1. OpenSSL is used to display details of a local or a remote certificate.
2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.
The maximum impact of this flaw is garbled information being displayed, there is no impact on the availability of service using such a certificate. Also this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated
Debian
CVE-2017-3735: openssl - While parsing an IPAddressFamily extension in an X.509 certificate, it is possib...
vendor_debian·2017·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735: openssl - While parsing an IPAddressFamily extension in an X.509 certificate, it is possib...
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Scope: local
bookworm: resolved (fixed in 1.1.0g-1)
bullseye: resolved (fixed in 1.1.0g-1)
forky: resolved (fixed in 1.1.0g-1)
sid: resolved (fixed in 1.1.0g-1)
trixie: resolved (fixed in 1.1.0g-1)
GHSA
GHSA-6h3q-hmhp-4vgv: While parsing an IPAddressFamily extension in an X
ghsa_unreviewed·2022-05-13
CVE-2017-3735 [MEDIUM] CWE-119 GHSA-6h3q-hmhp-4vgv: While parsing an IPAddressFamily extension in an X
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
OSV
openssl vulnerabilities
osv·2017-11-06·CVSS 5.3
CVE-2017-3735 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
It was discovered that OpenSSL incorrectly parsed the IPAddressFamily
extension in X.509 certificates, resulting in an erroneous display of the
certificate in text format. (CVE-2017-3735)
It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery
squaring procedure. While unlikely, a remote attacker could possibly use
this issue to recover private keys. This issue only applied to Ubuntu 16.04
LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)
OSV
CVE-2017-3735: While parsing an IPAddressFamily extension in an X
osv·2017-08-28·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735: While parsing an IPAddressFamily extension in an X
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
No detection rules found.
No public exploits indexed.
Tenable
[R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities
blogs_tenable·2017-12-05
[R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
[R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities
blogs_tenable·2017-11-14
[R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2017-3735 mingw-openssl: openssl: Malformed X.509 IPAdressFamily could cause OOB read [epel-7]
bugzilla·2017-08-29·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735 mingw-openssl: openssl: Malformed X.509 IPAdressFamily could cause OOB read [epel-7]
CVE-2017-3735 mingw-openssl: openssl: Malformed X.509 IPAdressFamily could cause OOB read [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following temp
Bugzilla
CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read
bugzilla·2017-08-29·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read
CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
External References:
https://www.openssl.org/news/secadv/20170828.txt
References:
https://github.com/openssl/openssl/pull/4276
Discussion:
Created mingw-openssl tracking bugs for this issue:
Affects: epel-7 [bug 1486145]
Affects: fedora-all [bug 1486147]
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1486146]
---
CVSS3 Base Score is 5.3 (https://access.redhat.com/security/cve/cve-2017-3735), which means RedHat is failed on PCI compliance (pg. 31 in https://www.pcisecuritystandards.or
Bugzilla
CVE-2017-3735 CVE-2017-3736 openssl: various flaws [fedora-all]
bugzilla·2017-08-29·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735 CVE-2017-3736 openssl: various flaws [fedora-all]
CVE-2017-3735 CVE-2017-3736 openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
Bugzilla
CVE-2017-3735 CVE-2017-3736 mingw-openssl: various flaws [fedora-all]
bugzilla·2017-08-29·CVSS 5.3
CVE-2017-3735 [MEDIUM] CVE-2017-3735 CVE-2017-3736 mingw-openssl: various flaws [fedora-all]
CVE-2017-3735 CVE-2017-3736 mingw-openssl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedo
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/100515http://www.securitytracker.com/id/1039726https://access.redhat.com/errata/RHSA-2018:3221https://access.redhat.com/errata/RHSA-2018:3505https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822https://lists.debian.org/debian-lts-announce/2017/11/msg00011.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.aschttps://security.gentoo.org/glsa/201712-03https://security.netapp.com/advisory/ntap-20170927-0001/https://security.netapp.com/advisory/ntap-20171107-0002/https://support.apple.com/HT208331https://usn.ubuntu.com/3611-2/https://www.debian.org/security/2017/dsa-4017https://www.debian.org/security/2017/dsa-4018https://www.openssl.org/news/secadv/20170828.txthttps://www.openssl.org/news/secadv/20171102.txthttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.tenable.com/security/tns-2017-14https://www.tenable.com/security/tns-2017-15http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/100515http://www.securitytracker.com/id/1039726https://access.redhat.com/errata/RHSA-2018:3221https://access.redhat.com/errata/RHSA-2018:3505https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822https://lists.debian.org/debian-lts-announce/2017/11/msg00011.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.aschttps://security.gentoo.org/glsa/201712-03https://security.netapp.com/advisory/ntap-20170927-0001/https://security.netapp.com/advisory/ntap-20171107-0002/https://support.apple.com/HT208331https://usn.ubuntu.com/3611-2/https://www.debian.org/security/2017/dsa-4017https://www.debian.org/security/2017/dsa-4018https://www.openssl.org/news/secadv/20170828.txthttps://www.openssl.org/news/secadv/20171102.txthttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.tenable.com/security/tns-2017-14https://www.tenable.com/security/tns-2017-15
2017-08-28
Published