CVE-2007-4995

openssl dtls out of order vulnerabilitiy

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Un error por un paso en la implementación de DTLS en OpenSSL versiones 0.9.8 anteriores a 0.9.8f, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados.

Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. All versions of 0.9.8 prior to 0.9.8f are affected. Moritz Jodeit found an off-by-one error in SSL_get_shared_ciphers(), a function that should normally only be used for logging or debugging. All releases of 0.9.8 prior to 0.9.8f and all releases of 0.9.7 prior to 0.9.7m are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-20 CVE Reserved
2007-10-12 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (33)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=195634	X_refsource_confirm
http://securitytracker.com/id?1018810	Vdb Entry
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962	X_refsource_misc
http://www.securityfocus.com/archive/1/482167/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26055	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37185	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288	Signature

URL	Date	SRC

URL	Date	SRC
http://www.openssl.org/news/secadv_20071012.txt	2018-10-15

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html	2018-10-15
http://secunia.com/advisories/25878	2018-10-15
http://secunia.com/advisories/27205	2018-10-15
http://secunia.com/advisories/27217	2018-10-15
http://secunia.com/advisories/27271	2018-10-15
http://secunia.com/advisories/27363	2018-10-15
http://secunia.com/advisories/27434	2018-10-15
http://secunia.com/advisories/27933	2018-10-15
http://secunia.com/advisories/28084	2018-10-15
http://secunia.com/advisories/30161	2018-10-15
http://secunia.com/advisories/30220	2018-10-15
http://secunia.com/advisories/30852	2018-10-15
http://security.gentoo.org/glsa/glsa-200710-30.xml	2018-10-15
http://www.debian.org/security/2008/dsa-1571	2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0964.html	2018-10-15
http://www.vupen.com/english/advisories/2007/3487	2018-10-15
http://www.vupen.com/english/advisories/2007/4219	2018-10-15
http://www.vupen.com/english/advisories/2008/1937/references	2018-10-15
https://usn.ubuntu.com/534-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-4995	2007-10-12
https://bugzilla.redhat.com/show_bug.cgi?id=321191	2007-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected