Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssl | Openssl | 0.9.7 (including) | 0.9.7 (including) |
Openssl | Openssl | 0.9.7-beta1 (including) | 0.9.7-beta1 (including) |
Openssl | Openssl | 0.9.7-beta2 (including) | 0.9.7-beta2 (including) |
Openssl | Openssl | 0.9.7-beta3 (including) | 0.9.7-beta3 (including) |
Openssl | Openssl | 0.9.7-beta4 (including) | 0.9.7-beta4 (including) |
Openssl | Openssl | 0.9.7-beta5 (including) | 0.9.7-beta5 (including) |
Openssl | Openssl | 0.9.7-beta6 (including) | 0.9.7-beta6 (including) |
Openssl | Openssl | 0.9.7a (including) | 0.9.7a (including) |
Openssl | Openssl | 0.9.7b (including) | 0.9.7b (including) |
Openssl | Openssl | 0.9.7c (including) | 0.9.7c (including) |
Openssl | Openssl | 0.9.7d (including) | 0.9.7d (including) |
Openssl | Openssl | 0.9.7e (including) | 0.9.7e (including) |
Openssl | Openssl | 0.9.7f (including) | 0.9.7f (including) |
Openssl | Openssl | 0.9.7g (including) | 0.9.7g (including) |
Openssl | Openssl | 0.9.7h (including) | 0.9.7h (including) |
Openssl | Openssl | 0.9.7i (including) | 0.9.7i (including) |
Openssl | Openssl | 0.9.7j (including) | 0.9.7j (including) |
Openssl | Openssl | 0.9.7k (including) | 0.9.7k (including) |
Openssl | Openssl | 0.9.7l (including) | 0.9.7l (including) |
Openssl | Openssl | 0.9.8 (including) | 0.9.8 (including) |
Openssl | Openssl | 0.9.8a (including) | 0.9.8a (including) |
Openssl | Openssl | 0.9.8b (including) | 0.9.8b (including) |
Openssl | Openssl | 0.9.8c (including) | 0.9.8c (including) |
Openssl | Openssl | 0.9.8d (including) | 0.9.8d (including) |
Openssl | Openssl | 0.9.8e (including) | 0.9.8e (including) |
Openssl | Openssl | 0.9.8f (including) | 0.9.8f (including) |
Red Hat Enterprise Linux 2.1 | RedHat | openssl-0:0.9.6b-48 | * |
Red Hat Enterprise Linux 3 | RedHat | openssl-0:0.9.7a-33.24 | * |
Red Hat Enterprise Linux 4 | RedHat | openssl-0:0.9.7a-43.17.el4_6.1 | * |
Red Hat Enterprise Linux 5 | RedHat | openssl-0:0.9.8b-8.3.el5_0.2 | * |
Openssl | Ubuntu | dapper | * |
Openssl | Ubuntu | devel | * |
Openssl | Ubuntu | edgy | * |
Openssl | Ubuntu | feisty | * |
Openssl | Ubuntu | gutsy | * |
Openssl | Ubuntu | hardy | * |
Openssl | Ubuntu | intrepid | * |
Openssl | Ubuntu | jaunty | * |
Openssl | Ubuntu | karmic | * |
Openssl | Ubuntu | upstream | * |
Openssl097 | Ubuntu | dapper | * |
Openssl097 | Ubuntu | edgy | * |
Openssl097 | Ubuntu | feisty | * |