CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7	0.9.7
Openssl	Openssl	0.9.7a	0.9.7a
Openssl	Openssl	0.9.7b	0.9.7b
Openssl	Openssl	0.9.7c	0.9.7c
Openssl	Openssl	0.9.7d	0.9.7d
Openssl	Openssl	0.9.7e	0.9.7e
Openssl	Openssl	0.9.7f	0.9.7f
Openssl	Openssl	0.9.7g	0.9.7g
Openssl	Openssl	0.9.7h	0.9.7h
Openssl	Openssl	0.9.7i	0.9.7i
Openssl	Openssl	0.9.7j	0.9.7j
Openssl	Openssl	0.9.7k	0.9.7k
Openssl	Openssl	0.9.7l	0.9.7l
Openssl	Openssl	0.9.8	0.9.8
Openssl	Openssl	0.9.8a	0.9.8a
Openssl	Openssl	0.9.8b	0.9.8b
Openssl	Openssl	0.9.8c	0.9.8c
Openssl	Openssl	0.9.8d	0.9.8d
Openssl	Openssl	0.9.8e	0.9.8e
Openssl	Openssl	0.9.8f	0.9.8f
Red Hat Enterprise Linux 2.1	RedHat	openssl-0:0.9.6b-48	*
Red Hat Enterprise Linux 3	RedHat	openssl-0:0.9.7a-33.24	*
Red Hat Enterprise Linux 4	RedHat	openssl-0:0.9.7a-43.17.el4_6.1	*
Red Hat Enterprise Linux 5	RedHat	openssl-0:0.9.8b-8.3.el5_0.2	*
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	edgy	*
Openssl	Ubuntu	feisty	*
Openssl	Ubuntu	gutsy	*
Openssl	Ubuntu	hardy	*
Openssl	Ubuntu	intrepid	*
Openssl	Ubuntu	jaunty	*
Openssl	Ubuntu	karmic	*
Openssl	Ubuntu	upstream	*
Openssl097	Ubuntu	dapper	*
Openssl097	Ubuntu	edgy	*
Openssl097	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5135
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References