CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
We have discovered 353,824 live websites that are affected by CVE-2017-3735.
Affected Software
| Product |  OpenSSL |
| Category | Web Server Extensions |
| Vulnerable Domains | 353,824 live websites (52.78% of OpenSSL install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 5.00% of all versions) |
Details
- Published - Aug 28, 2017
- Updated - Sep 16, 2024
CVE References
CVE-2017-3735 usage by Country
 United States | 128,326 websites |
 Germany | 34,426 websites |
 Netherlands | 23,861 websites |
 Japan | 21,162 websites |
 Singapore | 13,939 websites |
 France | 10,884 websites |
 Korea, South | 9,721 websites |
 Russia | 8,463 websites |
 China | 7,756 websites |
CVE-2017-3735 usage by TLD
| .com | 128,510 websites |
| .de | 24,696 websites |
| .nl | 18,029 websites |
| .net | 14,017 websites |
| .org | 12,802 websites |
| .jp | 8,380 websites |
| .ru | 7,521 websites |
| .it | 6,328 websites |
| .cz | 5,055 websites |
| .com.br | 5,030 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2017-3735
Top websites that are affected by CVE-2017-3735. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.*************.se | United States | *** | |
| ****.com | United States | *** | |
| ********.*********.com | Singapore | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| *.******.***.***.br |  Brazil | *,*** | |
| *************.com |  GB | *,*** | |
| *.*****.***.***.br | Brazil | *,*** | |
| ****.**.com | United States | *,*** |
References
- http://www.securitytracker.com/id/1039726
- https://usn.ubuntu.com/3611-2/
- https://www.debian.org/security/2017/dsa-4018
- https://security.gentoo.org/glsa/201712-03
- https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html
- https://access.redhat.com/errata/RHSA-2018:3505
- https://www.debian.org/security/2017/dsa-4017
- https://access.redhat.com/errata/RHSA-2018:3221
- http://www.securityfocus.com/bid/100515
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://security.netapp.com/advisory/ntap-20171107-0002/
- https://support.apple.com/HT208331
- https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822
- https://security.netapp.com/advisory/ntap-20170927-0001/
- https://www.tenable.com/security/tns-2017-15
- https://www.openssl.org/news/secadv/20171102.txt
- https://www.tenable.com/security/tns-2017-14
- https://www.openssl.org/news/secadv/20170828.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf