Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | 0.9.1c (including) | 0.9.1c (including) |
| Openssl | Openssl | 0.9.2b (including) | 0.9.2b (including) |
| Openssl | Openssl | 0.9.3 (including) | 0.9.3 (including) |
| Openssl | Openssl | 0.9.4 (including) | 0.9.4 (including) |
| Openssl | Openssl | 0.9.5 (including) | 0.9.5 (including) |
| Openssl | Openssl | 0.9.5a (including) | 0.9.5a (including) |
| Openssl | Openssl | 0.9.6 (including) | 0.9.6 (including) |
| Openssl | Openssl | 0.9.6a (including) | 0.9.6a (including) |
| Openssl | Openssl | 0.9.6b (including) | 0.9.6b (including) |
| Openssl | Openssl | 0.9.6c (including) | 0.9.6c (including) |
| Openssl | Openssl | 0.9.6d (including) | 0.9.6d (including) |
| Openssl | Openssl | 0.9.7-beta1 (including) | 0.9.7-beta1 (including) |
| Openssl | Openssl | 0.9.7-beta2 (including) | 0.9.7-beta2 (including) |
| Application_server | Oracle | * | * |
| Application_server | Oracle | 1.0.2 (including) | 1.0.2 (including) |
| Application_server | Oracle | 1.0.2.1s (including) | 1.0.2.1s (including) |
| Application_server | Oracle | 1.0.2.2 (including) | 1.0.2.2 (including) |
| Corporate_time_outlook_connector | Oracle | 3.1 (including) | 3.1 (including) |
| Corporate_time_outlook_connector | Oracle | 3.1.1 (including) | 3.1.1 (including) |
| Corporate_time_outlook_connector | Oracle | 3.1.2 (including) | 3.1.2 (including) |
| Corporate_time_outlook_connector | Oracle | 3.3 (including) | 3.3 (including) |
| Http_server | Oracle | 9.0.1 (including) | 9.0.1 (including) |
| Http_server | Oracle | 9.2.0 (including) | 9.2.0 (including) |