From https://www.openssl.org/news/secadv/20170828.txt
OpenSSL Security Advisory [28 Aug 2017] ======================================== Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) =================================================================== Severity: Low If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. As this is a low severity fix, no release is being made. The fix can be found in the source repository (1.0.2, 1.1.0, and master branches); see https://github.com/openssl/openssl/pull/4276. This bug has been present since 2006. This issue was found by Google's OSS-Fuzz project on August 22. The fix was developed by Rich Salz of the OpenSSL development team.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
