CVE-2007-5135
openssl: SSL_get_shared_ciphers() off-by-one
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un paquete diseñado que desencadena un subdesbordamiento de búfer de un byte. NOTA: este problema fue introducido como resultado de una corrección para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecución de código.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-09-27 CVE Reserved
- 2007-09-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-193: Off-by-one Error
CAPEC
References (77)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta1 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta2 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta3 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta4 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta5 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7" | beta6 |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7a Search vendor "Openssl" for product "Openssl" and version "0.9.7a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7b Search vendor "Openssl" for product "Openssl" and version "0.9.7b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7c Search vendor "Openssl" for product "Openssl" and version "0.9.7c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7d Search vendor "Openssl" for product "Openssl" and version "0.9.7d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7e Search vendor "Openssl" for product "Openssl" and version "0.9.7e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7f Search vendor "Openssl" for product "Openssl" and version "0.9.7f" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7g Search vendor "Openssl" for product "Openssl" and version "0.9.7g" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7h Search vendor "Openssl" for product "Openssl" and version "0.9.7h" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7i Search vendor "Openssl" for product "Openssl" and version "0.9.7i" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7j Search vendor "Openssl" for product "Openssl" and version "0.9.7j" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7k Search vendor "Openssl" for product "Openssl" and version "0.9.7k" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.7l Search vendor "Openssl" for product "Openssl" and version "0.9.7l" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e" | - |
Affected
| ||||||
Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f" | - |
Affected
|