CVE-2007-5135
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Affected products
n/a · n/a
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
https://bugs.gentoo.org/show_bug.cgi?id=194039
http://secunia.com/advisories/22130
http://secunia.com/advisories/27012
http://secunia.com/advisories/27021
http://secunia.com/advisories/27031
http://secunia.com/advisories/27051
http://secunia.com/advisories/27078
http://secunia.com/advisories/27097