Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
2007-09-27T20:17:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7a | Yes |
| Application | openssl | openssl | 0.9.7b | Yes |
| Application | openssl | openssl | 0.9.7c | Yes |
| Application | openssl | openssl | 0.9.7d | Yes |
| Application | openssl | openssl | 0.9.7e | Yes |
| Application | openssl | openssl | 0.9.7f | Yes |
| Application | openssl | openssl | 0.9.7g | Yes |
| Application | openssl | openssl | 0.9.7h | Yes |
| Application | openssl | openssl | 0.9.7i | Yes |
| Application | openssl | openssl | 0.9.7j | Yes |
| Application | openssl | openssl | 0.9.7k | Yes |
| Application | openssl | openssl | 0.9.7l | Yes |
| Application | openssl | openssl | 0.9.8 | Yes |
| Application | openssl | openssl | 0.9.8a | Yes |
| Application | openssl | openssl | 0.9.8b | Yes |
| Application | openssl | openssl | 0.9.8c | Yes |
| Application | openssl | openssl | 0.9.8d | Yes |
| Application | openssl | openssl | 0.9.8e | Yes |
| Application | openssl | openssl | 0.9.8f | Yes |