CVE-2007-4995 | Vulnerability Database | Aqua Security

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.8 (including)	0.9.8 (including)
Openssl	Openssl	0.9.8a (including)	0.9.8a (including)
Openssl	Openssl	0.9.8b (including)	0.9.8b (including)
Openssl	Openssl	0.9.8c (including)	0.9.8c (including)
Openssl	Openssl	0.9.8d (including)	0.9.8d (including)
Openssl	Openssl	0.9.8e (including)	0.9.8e (including)
Red Hat Enterprise Linux 5	RedHat	openssl-0:0.9.8b-8.3.el5_0.2	*
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	edgy	*
Openssl	Ubuntu	feisty	*
Openssl	Ubuntu	gutsy	*
Openssl	Ubuntu	upstream	*
Openssl097	Ubuntu	dapper	*
Openssl097	Ubuntu	edgy	*
Openssl097	Ubuntu	feisty	*

References

http://bugs.gentoo.org/show_bug.cgi?id=195634
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/25878
http://secunia.com/advisories/27205
http://secunia.com/advisories/27217
http://secunia.com/advisories/27271
http://secunia.com/advisories/27363
http://secunia.com/advisories/27434
http://secunia.com/advisories/27933
http://secunia.com/advisories/28084
http://secunia.com/advisories/30161
http://secunia.com/advisories/30220
http://secunia.com/advisories/30852
http://security.gentoo.org/glsa/glsa-200710-30.xml
http://securitytracker.com/id?1018810
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738962
http://www.debian.org/security/2008/dsa-1571
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.securityfocus.com/archive/1/482167/100/0/threaded
http://www.securityfocus.com/bid/26055
http://www.vupen.com/english/advisories/2007/3487
http://www.vupen.com/english/advisories/2007/4219
http://www.vupen.com/english/advisories/2008/1937/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/37185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288
https://usn.ubuntu.com/534-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
http://bugs.gentoo.org/show_bug.cgi?id=195634
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/25878
http://secunia.com/advisories/27205
http://secunia.com/advisories/27217
http://secunia.com/advisories/27271
http://secunia.com/advisories/27363
http://secunia.com/advisories/27434
http://secunia.com/advisories/27933
http://secunia.com/advisories/28084
http://secunia.com/advisories/30161
http://secunia.com/advisories/30220
http://secunia.com/advisories/30852
http://security.gentoo.org/glsa/glsa-200710-30.xml
http://securitytracker.com/id?1018810
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=738962
http://www.debian.org/security/2008/dsa-1571
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.securityfocus.com/archive/1/482167/100/0/threaded
http://www.securityfocus.com/bid/26055
http://www.vupen.com/english/advisories/2007/3487
http://www.vupen.com/english/advisories/2007/4219
http://www.vupen.com/english/advisories/2008/1937/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/37185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288
https://usn.ubuntu.com/534-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-4995
CWE	https://cwe.mitre.org/data/definitions/189.html