CVE-2007-5135

Scores

EPSS

0.515medium51.5%
0%20%40%60%80%100%

Percentile: 51.5%

CVSS

6.8medium2.0
0246810

CVSS Score: 6.8/10

All CVSS Scores

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-189CWE-193

Vulnerable Software (8)

Type: Configuration

Product: openssl

Operating System: rhel 2.1

Trait:
{  "fixed": "0.9.6b-48"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 3

Trait:
{  "fixed": "0.9.7a-33.24"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 4

Trait:
{  "fixed": "0.9.7a-43.17.el4_6.1"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: rhel 5

Trait:
{  "fixed": "0.9.8b-8.3.el5_0.2"}

Source: redhat

Type: Configuration

Product: openssl

Operating System: ubuntu hardy 8.04

Trait:
{  "fixed": "0.9.8e-5ubuntu2"}

Source: ubuntu

Type: Configuration

Product: openssl

Operating System: debian

Trait:
{  "fixed": "0.9.8e-9"}

Source: debian

Type: Configuration

Product: openssl

Operating System: debian sarge 3.1

Trait:
{  "fixed": "0.9.7e-3sarge5"}

Source: debian

Type: Configuration

Vendor: openssl

Product: openssl

Operating System: * * *

Trait:
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",...

Source: nvd