Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-3735)

Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Remediation

References

Related Vulnerabilities

Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-16254)

WordPress Plugin Under Construction Unspecified Vulnerability (3.85)

WordPress Plugin Twitter Feed Cross-Site Scripting (2.0.4)

WordPress Plugin Category Order and Taxonomy Terms Order Cross-Site Scripting (1.4.6)

WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

Severity

Medium

Classification

CVE-2017-3735 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities