Vulnerability-Lookup

CVE-2007-5135 (GCVE-0-2007-5135)

Vulnerability from cvelistv5 – Published: 2007-09-27 20:00 – Updated: 2024-08-07 15:17

Summary

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

76 references

URL	Tags
https://bugs.gentoo.org/show_bug.cgi?id=194039	x_refsource_MISC
http://www.securityfocus.com/archive/1/484353/100…	vendor-advisoryx_refsource_HP
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/481217/100…	mailing-listx_refsource_BUGTRAQ
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241	x_refsource_CONFIRM
http://secunia.com/advisories/27205	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27097	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2362	vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1018755	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/31489	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2007-10…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/29242	third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://issues.rpath.com/browse/RPL-1770	x_refsource_CONFIRM
http://secunia.com/advisories/27186	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27851	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2268	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30124	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/27394	third-party-advisoryx_refsource_SECUNIA
http://www.openbsd.org/errata41.html	vendor-advisoryx_refsource_OPENBSD
http://www.securityfocus.com/archive/1/481506/100…	mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/485936/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/31308	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/22130	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27031	third-party-advisoryx_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2007/3625	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/480855/100…	mailing-listx_refsource_BUGTRAQ
http://security.freebsd.org/advisories/FreeBSD-SA…	vendor-advisoryx_refsource_FREEBSD
https://usn.ubuntu.com/522-1/	vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2008/2361	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/27217	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31467	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27961	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-09…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/27870	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25831	vdb-entryx_refsource_BID
http://www.debian.org/security/2007/dsa-1379	vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/4042	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/481488/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/27330	third-party-advisoryx_refsource_SECUNIA
http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
http://secunia.com/advisories/30161	third-party-advisoryx_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://secunia.com/advisories/28368	third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1769	x_refsource_CONFIRM
http://secunia.com/advisories/27012	third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/3179	third-party-advisoryx_refsource_SREASON
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
http://secunia.com/advisories/27229	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27051	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31326	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27078	third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200710-06.xml	vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/archive/1/484353/100…	vendor-advisoryx_refsource_HP
ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
http://www.openssl.org/news/secadv_20071012.txt	x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.openbsd.org/errata40.html	vendor-advisoryx_refsource_OPENBSD
http://www.openbsd.org/errata42.html	vendor-advisoryx_refsource_OPENBSD
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.redhat.com/support/errata/RHSA-2007-08…	vendor-advisoryx_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
http://www.vupen.com/english/advisories/2007/3325	vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/4144	vdb-entryx_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0064	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/27021	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.securityfocus.com/archive/1/486859/100…	mailing-listx_refsource_BUGTRAQ

Date Public

2007-09-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
          },
          {
            "name": "HPSBUX02292",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:5337",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
          },
          {
            "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
          },
          {
            "name": "27205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27205"
          },
          {
            "name": "27097",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27097"
          },
          {
            "name": "ADV-2008-2362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2362"
          },
          {
            "name": "1018755",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018755"
          },
          {
            "name": "31489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31489"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "FEDORA-2007-725",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
          },
          {
            "name": "RHSA-2007:1003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
          },
          {
            "name": "29242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "MDKSA-2007:193",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1770"
          },
          {
            "name": "27186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27186"
          },
          {
            "name": "27851",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27851"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "30124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "SUSE-SR:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "27394",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27394"
          },
          {
            "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata41.html"
          },
          {
            "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10904",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "31308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31308"
          },
          {
            "name": "22130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "27031",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27031"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "ADV-2007-3625",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3625"
          },
          {
            "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
          },
          {
            "name": "FreeBSD-SA-07:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
          },
          {
            "name": "USN-522-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/522-1/"
          },
          {
            "name": "ADV-2008-2361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2361"
          },
          {
            "name": "27217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27217"
          },
          {
            "name": "31467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31467"
          },
          {
            "name": "27961",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27961"
          },
          {
            "name": "RHSA-2007:0964",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
          },
          {
            "name": "27870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27870"
          },
          {
            "name": "25831",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25831"
          },
          {
            "name": "DSA-1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1379"
          },
          {
            "name": "ADV-2007-4042",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4042"
          },
          {
            "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
          },
          {
            "name": "27330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27330"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
          },
          {
            "name": "30161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
          },
          {
            "name": "28368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1769"
          },
          {
            "name": "27012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27012"
          },
          {
            "name": "3179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3179"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
          },
          {
            "name": "27229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27229"
          },
          {
            "name": "27051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27051"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "27078",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27078"
          },
          {
            "name": "GLSA-200710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "name": "SSRT071499",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "NetBSD-SA2008-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20071012.txt"
          },
          {
            "name": "200858",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
          },
          {
            "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata40.html"
          },
          {
            "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata42.html"
          },
          {
            "name": "openssl-sslgetshared-bo(36837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
          },
          {
            "name": "RHSA-2007:0813",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
          },
          {
            "name": "SUSE-SR:2007:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
          },
          {
            "name": "ADV-2007-3325",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3325"
          },
          {
            "name": "ADV-2007-4144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "27021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27021"
          },
          {
            "name": "103130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
        },
        {
          "name": "HPSBUX02292",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:5337",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
        },
        {
          "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
        },
        {
          "name": "27205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27205"
        },
        {
          "name": "27097",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27097"
        },
        {
          "name": "ADV-2008-2362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2362"
        },
        {
          "name": "1018755",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018755"
        },
        {
          "name": "31489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31489"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "FEDORA-2007-725",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
        },
        {
          "name": "RHSA-2007:1003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
        },
        {
          "name": "29242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29242"
        },
        {
          "name": "MDKSA-2007:193",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1770"
        },
        {
          "name": "27186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27186"
        },
        {
          "name": "27851",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27851"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "30124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30124"
        },
        {
          "name": "SUSE-SR:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
        },
        {
          "name": "27394",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27394"
        },
        {
          "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata41.html"
        },
        {
          "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10904",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
        },
        {
          "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
        },
        {
          "name": "31308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31308"
        },
        {
          "name": "22130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22130"
        },
        {
          "name": "27031",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27031"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
        },
        {
          "name": "ADV-2007-3625",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3625"
        },
        {
          "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
        },
        {
          "name": "FreeBSD-SA-07:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
        },
        {
          "name": "USN-522-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/522-1/"
        },
        {
          "name": "ADV-2008-2361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2361"
        },
        {
          "name": "27217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27217"
        },
        {
          "name": "31467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31467"
        },
        {
          "name": "27961",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27961"
        },
        {
          "name": "RHSA-2007:0964",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
        },
        {
          "name": "27870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27870"
        },
        {
          "name": "25831",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25831"
        },
        {
          "name": "DSA-1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1379"
        },
        {
          "name": "ADV-2007-4042",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4042"
        },
        {
          "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
        },
        {
          "name": "27330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27330"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
        },
        {
          "name": "30161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30161"
        },
        {
          "name": "GLSA-200805-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
        },
        {
          "name": "28368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1769"
        },
        {
          "name": "27012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27012"
        },
        {
          "name": "3179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3179"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
        },
        {
          "name": "27229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27229"
        },
        {
          "name": "27051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27051"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "name": "27078",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27078"
        },
        {
          "name": "GLSA-200710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
        },
        {
          "name": "SSRT071499",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
        },
        {
          "name": "NetBSD-SA2008-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20071012.txt"
        },
        {
          "name": "200858",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
        },
        {
          "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata40.html"
        },
        {
          "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata42.html"
        },
        {
          "name": "openssl-sslgetshared-bo(36837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
        },
        {
          "name": "RHSA-2007:0813",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
        },
        {
          "name": "SUSE-SR:2007:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
        },
        {
          "name": "ADV-2007-3325",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3325"
        },
        {
          "name": "ADV-2007-4144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
        },
        {
          "name": "ADV-2008-0064",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0064"
        },
        {
          "name": "27021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27021"
        },
        {
          "name": "103130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
        },
        {
          "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=194039",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
            },
            {
              "name": "HPSBUX02292",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:5337",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
            },
            {
              "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
            },
            {
              "name": "27205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27205"
            },
            {
              "name": "27097",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27097"
            },
            {
              "name": "ADV-2008-2362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2362"
            },
            {
              "name": "1018755",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018755"
            },
            {
              "name": "31489",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31489"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "FEDORA-2007-725",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
            },
            {
              "name": "RHSA-2007:1003",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "MDKSA-2007:193",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1770",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1770"
            },
            {
              "name": "27186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27186"
            },
            {
              "name": "27851",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27851"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "30124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30124"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "27394",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27394"
            },
            {
              "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata41.html"
            },
            {
              "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:10904",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
            },
            {
              "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
            },
            {
              "name": "31308",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31308"
            },
            {
              "name": "22130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22130"
            },
            {
              "name": "27031",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27031"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
            },
            {
              "name": "ADV-2007-3625",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3625"
            },
            {
              "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
            },
            {
              "name": "FreeBSD-SA-07:08",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
            },
            {
              "name": "USN-522-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/522-1/"
            },
            {
              "name": "ADV-2008-2361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2361"
            },
            {
              "name": "27217",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27217"
            },
            {
              "name": "31467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31467"
            },
            {
              "name": "27961",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27961"
            },
            {
              "name": "RHSA-2007:0964",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
            },
            {
              "name": "27870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27870"
            },
            {
              "name": "25831",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25831"
            },
            {
              "name": "DSA-1379",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1379"
            },
            {
              "name": "ADV-2007-4042",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4042"
            },
            {
              "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
            },
            {
              "name": "27330",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27330"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
            },
            {
              "name": "30161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "GLSA-200805-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
            },
            {
              "name": "28368",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28368"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1769",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1769"
            },
            {
              "name": "27012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27012"
            },
            {
              "name": "3179",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3179"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
            },
            {
              "name": "27229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27229"
            },
            {
              "name": "27051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27051"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "27078",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27078"
            },
            {
              "name": "GLSA-200710-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
            },
            {
              "name": "SSRT071499",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
            },
            {
              "name": "NetBSD-SA2008-007",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20071012.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20071012.txt"
            },
            {
              "name": "200858",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
            },
            {
              "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata40.html"
            },
            {
              "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata42.html"
            },
            {
              "name": "openssl-sslgetshared-bo(36837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
            },
            {
              "name": "RHSA-2007:0813",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
            },
            {
              "name": "SUSE-SR:2007:020",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
            },
            {
              "name": "ADV-2007-3325",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3325"
            },
            {
              "name": "ADV-2007-4144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4144"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
            },
            {
              "name": "ADV-2008-0064",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0064"
            },
            {
              "name": "27021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27021"
            },
            {
              "name": "103130",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
            },
            {
              "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5135",
    "datePublished": "2007-09-27T20:00:00.000Z",
    "dateReserved": "2007-09-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:17:28.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-5135",
      "date": "2026-05-25",
      "epss": "0.53124",
      "percentile": "0.98003"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45A518E8-21BE-4C5C-B425-410AB1208E9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E3AB748-E463-445C-ABAB-4FEDDFD1878B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"660E4B8D-AABA-4520-BC4D-CF8E76E07C05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"85BFEED5-4941-41BB-93D1-CD5C2A41290E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"9644CC68-1E91-45E7-8C53-1E3FC9976A4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*\", \"matchCriteriaId\": \"73934717-2DA3-4614-A076-D6EDA5EB0626\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78E79A05-64F3-4397-952C-A5BB950C967D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"549BB01D-F322-4FE3-BDA2-4FEA8ED8568A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98693865-2E79-4BD6-9F89-1994BC9A3E73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6476506-EC37-4726-82DC-D0E8254A8CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D6ECEF7-CB16-4604-894B-6EB19F1CEF55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C81EF3D-4DB7-4799-9670-8D79E28CA184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8116A66-175C-4E6D-9A9B-D54C1D97D213\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"382C1679-DA1D-4FA4-9D5E-B86CC5052D49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CA28812-8A24-4FE1-BED9-D6D5BB023645\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9894D83E-2A27-446E-8B47-9C03CF802A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF4EA988-FC80-4170-8933-7C6663731981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BB38AEA-BAF0-4920-9A71-747C24444770\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.\"}, {\"lang\": \"es\", \"value\": \"Un error por un paso en la funci\\u00f3n SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podr\\u00eda permitir a atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de un paquete dise\\u00f1ado que desencadena un subdesbordamiento de b\\u00fafer de un byte. NOTA: este problema fue introducido como resultado de una correcci\\u00f3n para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecuci\\u00f3n de c\\u00f3digo.\"}]",
      "id": "CVE-2007-5135",
      "lastModified": "2024-11-21T00:37:12.343",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-09-27T20:17:00.000",
      "references": "[{\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22130\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27012\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27021\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27031\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27051\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27078\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27097\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27186\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27205\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27217\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27229\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27330\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27394\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27851\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27870\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27961\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29242\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30124\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30161\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31308\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31326\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31467\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31489\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200710-06.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3179\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1379\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_20_sr.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openbsd.org/errata40.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openbsd.org/errata41.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openbsd.org/errata42.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openssl.org/news/secadv_20071012.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0813.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0964.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/480855/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481217/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481488/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481506/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484353/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484353/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485936/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486859/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25831\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018755\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0013.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3325\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3625\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4042\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4144\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0064\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2268\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2361\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2362\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.gentoo.org/show_bug.cgi?id=194039\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1769\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1770\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/522-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27051\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27097\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27217\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27330\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27394\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27851\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27870\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29242\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31326\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200710-06.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_20_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openbsd.org/errata40.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openbsd.org/errata41.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openbsd.org/errata42.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openssl.org/news/secadv_20071012.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0964.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/480855/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481217/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481488/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481506/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484353/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484353/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485936/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486859/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25831\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3325\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3625\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0064\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2362\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.gentoo.org/show_bug.cgi?id=194039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/522-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5135\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-27T20:17:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.\"},{\"lang\":\"es\",\"value\":\"Un error por un paso en la funci\u00f3n SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete dise\u00f1ado que desencadena un subdesbordamiento de b\u00fafer de un byte. NOTA: este problema fue introducido como resultado de una correcci\u00f3n para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A518E8-21BE-4C5C-B425-410AB1208E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E3AB748-E463-445C-ABAB-4FEDDFD1878B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"660E4B8D-AABA-4520-BC4D-CF8E76E07C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"85BFEED5-4941-41BB-93D1-CD5C2A41290E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9644CC68-1E91-45E7-8C53-1E3FC9976A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"73934717-2DA3-4614-A076-D6EDA5EB0626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78E79A05-64F3-4397-952C-A5BB950C967D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"549BB01D-F322-4FE3-BDA2-4FEA8ED8568A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98693865-2E79-4BD6-9F89-1994BC9A3E73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6476506-EC37-4726-82DC-D0E8254A8CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6ECEF7-CB16-4604-894B-6EB19F1CEF55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C81EF3D-4DB7-4799-9670-8D79E28CA184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8116A66-175C-4E6D-9A9B-D54C1D97D213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"382C1679-DA1D-4FA4-9D5E-B86CC5052D49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA28812-8A24-4FE1-BED9-D6D5BB023645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9894D83E-2A27-446E-8B47-9C03CF802A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4EA988-FC80-4170-8933-7C6663731981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB38AEA-BAF0-4920-9A71-747C24444770\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22130\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27012\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27021\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27031\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27078\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27097\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27186\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27205\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27217\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27229\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27330\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27394\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27851\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27870\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29242\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30124\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30161\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31308\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200710-06.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3179\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1379\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_20_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openbsd.org/errata40.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openbsd.org/errata41.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openbsd.org/errata42.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openssl.org/news/secadv_20071012.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0964.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/480855/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/481217/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/481488/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/481506/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/484353/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/485936/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486859/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25831\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018755\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0013.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3325\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3625\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4042\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4144\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0064\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2361\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2362\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.gentoo.org/show_bug.cgi?id=194039\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36837\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1769\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1770\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/522-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27097\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200710-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_20_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openbsd.org/errata40.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openbsd.org/errata41.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openbsd.org/errata42.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openssl.org/news/secadv_20071012.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0964.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/480855/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481217/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481488/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481506/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484353/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/485936/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486859/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.gentoo.org/show_bug.cgi?id=194039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/522-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2007-AVI-423

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités affectent OpenSSL. La première permet à un utilisateur malveillant d'accéder à des données sensibles. La seconde permettrait à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Une erreur entache l'implantation de l'algorithme de multiplication avec réduction modulaire de Montgomery. Cette erreur permet à un utilisateur malveillant de reconstruire la clé secrète utilisée.

Un défaut de vérification de taille de tampon mémoire existe dans la fonction SSL_get_shared_ciphers. Cette vulnérabilité permet à un utilisateur malveillant de provoquer un déni de service et lui permettrait d'exécuter du code arbitraire à distance.

Solution

La version 0.9.8-stable corrige ces problèmes. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenSSL, versions 0.9.8d et précédentes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin Ubuntu USN-522-1 du 29 septembre 2007	None	vendor-advisory
Bulletin de sécurité SuSE SUSE-SR:2007:020 du 12 octobre 2007 :	-	other
Bulletin de sécurité OpenBSD ID 17 du 10 octobre 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:193 du 04 octobre 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0964 du 12 octobre 2007 :	-	other
Bulletin de sécurité Blue Coat du 27 novembre 2007 :	-	other
Bulletin de sécurité FreeBSD SA-07:08 du 03 octobre 2007 :	-	other
Correctif OpenSSL du 29 juin 2007 :	-	other
Bulletin de sécurité Debian DSA-1379-1 du 02 octobre 2007 :	-	other
Bulletin de sécurité Ubuntu USN-522-1 du 29 septembre 2007 :	-	other
Bulletin OpenSSL du 19 septembre 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200710-06 du 07 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOpenSSL, versions 0.9.8d et pr\u00e9c\u00e9dentes.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur entache l\u0027implantation de l\u0027algorithme de multiplication avec\nr\u00e9duction modulaire de Montgomery. Cette erreur permet \u00e0 un utilisateur\nmalveillant de reconstruire la cl\u00e9 secr\u00e8te utilis\u00e9e.\n\n  \n  \n\nUn d\u00e9faut de v\u00e9rification de taille de tampon m\u00e9moire existe dans la\nfonction SSL_get_shared_ciphers. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un\nutilisateur malveillant de provoquer un d\u00e9ni de service et lui\npermettrait d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nLa version 0.9.8-stable corrige ces probl\u00e8mes. Se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-4995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4995"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:020 du 12 octobre    2007 :",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD ID 17 du 10 octobre 2007 :",
      "url": "http://www.openbsd.org/errata40.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:193 du 04 octobre    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0964 du 12 octobre    2007 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2007:0964.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat du 27 novembre 2007 :",
      "url": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-07:08 du 03 octobre 2007 :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
    },
    {
      "title": "Correctif OpenSSL du 29 juin 2007 :",
      "url": "http://openssl.org/news/patch-CVE-2007-3108.txt"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1379-1 du 02 octobre 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1379"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-522-1 du 29 septembre 2007    :",
      "url": "http://www.ubuntulinux.org/usn/usn-522-1"
    },
    {
      "title": "Bulletin OpenSSL du 19 septembre 2007 :",
      "url": "http://cvs.openssl.org/chngview?cn=16587"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200710-06 du 07 octobre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-06.xml"
    }
  ],
  "reference": "CERTA-2007-AVI-423",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-04T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE-2007-4995 et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 OpenBSD, Gentoo, Red Hat, SuSE et Mandriva.",
      "revision_date": "2007-10-17T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence Blue Coat.",
      "revision_date": "2007-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s affectent OpenSSL. La premi\u00e8re permet \u00e0 un\nutilisateur malveillant d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles. La seconde\npermettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s d\u0027OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Ubuntu USN-522-1 du 29 septembre 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités sur VMWare ESX Server et VirtualCenter Management Server permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Description

De multiples vulnérabilités existent sur VMWare ESX Server. Celles-ci concernent des modules ou logiciels utilisés par le serveur et récemment mis à jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et Perl. Certaines de ces failles permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VirtualCenter Management Server 2.
VMware	N/A	VMWare ESX Server 2.0.x ;
VMware	N/A	VMWare ESX Server 3.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008 :	-	other
Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VirtualCenter Management Server 2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 2.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s existent sur VMWare ESX Server. Celles-ci\nconcernent des modules ou logiciels utilis\u00e9s par le serveur et r\u00e9cemment\nmis \u00e0 jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et\nPerl. Certaines de ces failles permettent notamment \u00e0 une personne\nmalintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5360"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
    },
    {
      "name": "CVE-2007-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3004"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5191"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    }
  ],
  "reference": "CERTA-2008-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eVMWare ESX\nServer\u003c/span\u003e et \u003cspan class=\"textit\"\u003eVirtualCenter Management\nServer\u003c/span\u003e permettent notamment \u00e0 une personne malintentionn\u00e9e\ndistante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier 2008",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2647 du 1 août 2008	None	vendor-advisory
Bulletin de sécurité Apple HT2647 du 01 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Open Scripting Architecture : une mauvaise gestion des droits des\n    plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n    privil\u00e8ges.\n-   BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n    protocolaire permettent de corrompre le cache du DNS.\n-   CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n    fichier permet l\u0027ex\u00e9cution de code arbitraire.\n-   CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n    arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n    r\u00e9alis\u00e9.\n-   CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n    fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n-   Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n    cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n-   Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n    est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n    l\u0027aide d\u0027emacs.\n-   OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n    d\u00e9ni de service de l\u0027application.\n-   OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n    SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n    l\u0027application.\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n    l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n-   QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n    r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n-   rsync : l\u0027utilisation de liens symboliques permet de modifier des\n    fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2008-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2008-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
    },
    {
      "name": "CVE-2008-2050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2008-2952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
      "url": "http://support.apple.com/kb/HT2647"
    }
  ],
  "reference": "CERTA-2008-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-423

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

La version 0.9.8-stable corrige ces problèmes. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenSSL, versions 0.9.8d et précédentes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin Ubuntu USN-522-1 du 29 septembre 2007	None	vendor-advisory
Bulletin de sécurité SuSE SUSE-SR:2007:020 du 12 octobre 2007 :	-	other
Bulletin de sécurité OpenBSD ID 17 du 10 octobre 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:193 du 04 octobre 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0964 du 12 octobre 2007 :	-	other
Bulletin de sécurité Blue Coat du 27 novembre 2007 :	-	other
Bulletin de sécurité FreeBSD SA-07:08 du 03 octobre 2007 :	-	other
Correctif OpenSSL du 29 juin 2007 :	-	other
Bulletin de sécurité Debian DSA-1379-1 du 02 octobre 2007 :	-	other
Bulletin de sécurité Ubuntu USN-522-1 du 29 septembre 2007 :	-	other
Bulletin OpenSSL du 19 septembre 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200710-06 du 07 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOpenSSL, versions 0.9.8d et pr\u00e9c\u00e9dentes.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur entache l\u0027implantation de l\u0027algorithme de multiplication avec\nr\u00e9duction modulaire de Montgomery. Cette erreur permet \u00e0 un utilisateur\nmalveillant de reconstruire la cl\u00e9 secr\u00e8te utilis\u00e9e.\n\n  \n  \n\nUn d\u00e9faut de v\u00e9rification de taille de tampon m\u00e9moire existe dans la\nfonction SSL_get_shared_ciphers. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un\nutilisateur malveillant de provoquer un d\u00e9ni de service et lui\npermettrait d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nLa version 0.9.8-stable corrige ces probl\u00e8mes. Se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-4995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4995"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:020 du 12 octobre    2007 :",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD ID 17 du 10 octobre 2007 :",
      "url": "http://www.openbsd.org/errata40.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:193 du 04 octobre    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0964 du 12 octobre    2007 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2007:0964.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat du 27 novembre 2007 :",
      "url": "http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-07:08 du 03 octobre 2007 :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
    },
    {
      "title": "Correctif OpenSSL du 29 juin 2007 :",
      "url": "http://openssl.org/news/patch-CVE-2007-3108.txt"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1379-1 du 02 octobre 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1379"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-522-1 du 29 septembre 2007    :",
      "url": "http://www.ubuntulinux.org/usn/usn-522-1"
    },
    {
      "title": "Bulletin OpenSSL du 19 septembre 2007 :",
      "url": "http://cvs.openssl.org/chngview?cn=16587"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200710-06 du 07 octobre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-06.xml"
    }
  ],
  "reference": "CERTA-2007-AVI-423",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-04T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE-2007-4995 et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 OpenBSD, Gentoo, Red Hat, SuSE et Mandriva.",
      "revision_date": "2007-10-17T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence Blue Coat.",
      "revision_date": "2007-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s affectent OpenSSL. La premi\u00e8re permet \u00e0 un\nutilisateur malveillant d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles. La seconde\npermettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s d\u0027OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Ubuntu USN-522-1 du 29 septembre 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités sur VMWare ESX Server et VirtualCenter Management Server permettent notamment à une personne malintentionnée distante d'exécuter du code arbitraire.

Description

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VirtualCenter Management Server 2.
VMware	N/A	VMWare ESX Server 2.0.x ;
VMware	N/A	VMWare ESX Server 3.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008	None	vendor-advisory
Bulletin de sécurité VMWare VMSA-2008-0002 du 07 janvier 2008 :	-	other
Bulletin de sécurité VMWare VMSA-2008-0001 du 07 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VirtualCenter Management Server 2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 2.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare ESX Server 3.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s existent sur VMWare ESX Server. Celles-ci\nconcernent des modules ou logiciels utilis\u00e9s par le serveur et r\u00e9cemment\nmis \u00e0 jour : OpenPegasus, Tomcat, Samba, OpenSSL, JRE, util-linux, et\nPerl. Certaines de ces failles permettent notamment \u00e0 une personne\nmalintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5360"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
    },
    {
      "name": "CVE-2007-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3004"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3108"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5191"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier    2008 :",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    }
  ],
  "reference": "CERTA-2008-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eVMWare ESX\nServer\u003c/span\u003e et \u003cspan class=\"textit\"\u003eVirtualCenter Management\nServer\u003c/span\u003e permettent notamment \u00e0 une personne malintentionn\u00e9e\ndistante d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0001 du 07 janvier 2008",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2008-0002 du 07 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2647 du 1 août 2008	None	vendor-advisory
Bulletin de sécurité Apple HT2647 du 01 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Open Scripting Architecture : une mauvaise gestion des droits des\n    plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n    privil\u00e8ges.\n-   BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n    protocolaire permettent de corrompre le cache du DNS.\n-   CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n    fichier permet l\u0027ex\u00e9cution de code arbitraire.\n-   CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n    arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n    r\u00e9alis\u00e9.\n-   CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n    fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n-   Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n    cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n-   Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n    est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n    l\u0027aide d\u0027emacs.\n-   OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n    d\u00e9ni de service de l\u0027application.\n-   OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n    SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n    l\u0027application.\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n    l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n-   QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n    r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n-   rsync : l\u0027utilisation de liens symboliques permet de modifier des\n    fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2008-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2008-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
    },
    {
      "name": "CVE-2008-2050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2008-2952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
      "url": "http://support.apple.com/kb/HT2647"
    }
  ],
  "reference": "CERTA-2008-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
      "url": null
    }
  ]
}

FKIE_CVE-2007-5135

Vulnerability from fkie_nvd - Published: 2007-09-27 20:17 - Updated: 2026-04-23 00:35

Severity

Summary

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
cve@mitre.org	http://secunia.com/advisories/22130	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27012	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27021	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27031	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27051	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27078	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27097	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27186	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27205	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27217	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27229	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27330	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27394	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27851	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27870	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27961	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28368	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29242
cve@mitre.org	http://secunia.com/advisories/30124
cve@mitre.org	http://secunia.com/advisories/30161
cve@mitre.org	http://secunia.com/advisories/31308
cve@mitre.org	http://secunia.com/advisories/31326
cve@mitre.org	http://secunia.com/advisories/31467
cve@mitre.org	http://secunia.com/advisories/31489
cve@mitre.org	http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200710-06.xml
cve@mitre.org	http://securityreason.com/securityalert/3179
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
cve@mitre.org	http://www.debian.org/security/2007/dsa-1379
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_20_sr.html
cve@mitre.org	http://www.openbsd.org/errata40.html
cve@mitre.org	http://www.openbsd.org/errata41.html
cve@mitre.org	http://www.openbsd.org/errata42.html
cve@mitre.org	http://www.openssl.org/news/secadv_20071012.txt
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0813.html	Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0964.html	Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-1003.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/480855/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/481217/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/481488/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/481506/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/484353/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/485936/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486859/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25831
cve@mitre.org	http://www.securitytracker.com/id?1018755
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0013.html
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3325
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3625
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4042
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4144
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0064
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2268
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2361
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2362
cve@mitre.org	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
cve@mitre.org	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
cve@mitre.org	https://bugs.gentoo.org/show_bug.cgi?id=194039
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36837
cve@mitre.org	https://issues.rpath.com/browse/RPL-1769
cve@mitre.org	https://issues.rpath.com/browse/RPL-1770
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337
cve@mitre.org	https://usn.ubuntu.com/522-1/
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27012	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27021	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27031	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27051	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27078	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27097	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27186	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27217	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27330	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27394	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27851	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27870	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27961	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28368	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30124
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30161
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31308
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31467
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31489
af854a3a-2127-422b-91ae-364da2661108	http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200710-06.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3179
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1379
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_20_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openbsd.org/errata40.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openbsd.org/errata41.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openbsd.org/errata42.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20071012.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0813.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0964.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-1003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/480855/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481217/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481488/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481506/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484353/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485936/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486859/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25831
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018755
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0013.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3325
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3625
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4042
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4144
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0064
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2361
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2362
af854a3a-2127-422b-91ae-364da2661108	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
af854a3a-2127-422b-91ae-364da2661108	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
af854a3a-2127-422b-91ae-364da2661108	https://bugs.gentoo.org/show_bug.cgi?id=194039
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36837
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1769
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1770
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/522-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	Vendor Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7
openssl	openssl	0.9.7a
openssl	openssl	0.9.7b
openssl	openssl	0.9.7c
openssl	openssl	0.9.7d
openssl	openssl	0.9.7e
openssl	openssl	0.9.7f
openssl	openssl	0.9.7g
openssl	openssl	0.9.7h
openssl	openssl	0.9.7i
openssl	openssl	0.9.7j
openssl	openssl	0.9.7k
openssl	openssl	0.9.7l
openssl	openssl	0.9.8
openssl	openssl	0.9.8a
openssl	openssl	0.9.8b
openssl	openssl	0.9.8c
openssl	openssl	0.9.8d
openssl	openssl	0.9.8e
openssl	openssl	0.9.8f

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E3AB748-E463-445C-ABAB-4FEDDFD1878B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "660E4B8D-AABA-4520-BC4D-CF8E76E07C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "85BFEED5-4941-41BB-93D1-CD5C2A41290E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "9644CC68-1E91-45E7-8C53-1E3FC9976A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "9B1B98C4-1FFD-4A7C-AA86-A34BC6F7AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "73934717-2DA3-4614-A076-D6EDA5EB0626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
    },
    {
      "lang": "es",
      "value": "Un error por un paso en la funci\u00f3n SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete dise\u00f1ado que desencadena un subdesbordamiento de b\u00fafer de un byte. NOTA: este problema fue introducido como resultado de una correcci\u00f3n para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecuci\u00f3n de c\u00f3digo."
    }
  ],
  "id": "CVE-2007-5135",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-27T20:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22130"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27012"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27021"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27031"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27051"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27078"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27097"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27186"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27205"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27394"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27851"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27870"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27961"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30161"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3179"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openbsd.org/errata40.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openbsd.org/errata41.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openbsd.org/errata42.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openssl.org/news/secadv_20071012.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25831"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018755"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3325"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3625"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4042"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4144"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2361"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2362"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1769"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1770"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/522-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata41.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata42.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openssl.org/news/secadv_20071012.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/522-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JVV3-C5FW-96V6

Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5135"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-27T20:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.",
  "id": "GHSA-jvv3-c5fw-96v6",
  "modified": "2022-05-03T03:18:25Z",
  "published": "2022-05-03T03:18:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5135"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1769"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1770"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/522-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22130"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27012"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27021"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27031"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27051"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27078"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27097"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27186"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27205"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27217"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27229"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27330"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27394"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27851"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27870"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27961"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28368"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30124"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30161"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31308"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31467"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31489"
    },
    {
      "type": "WEB",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3179"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1379"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata40.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata41.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata42.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20071012.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25831"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018755"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3325"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3625"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4042"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4144"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0064"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2361"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2362"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-5135

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5135

Aliases

CVE-2007-5135

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5135",
    "description": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.",
    "id": "GSD-2007-5135",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5135.html",
      "https://www.debian.org/security/2007/dsa-1379",
      "https://access.redhat.com/errata/RHSA-2007:1003",
      "https://access.redhat.com/errata/RHSA-2007:0964",
      "https://access.redhat.com/errata/RHSA-2007:0813",
      "https://linux.oracle.com/cve/CVE-2007-5135.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5135"
      ],
      "details": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.",
      "id": "GSD-2007-5135",
      "modified": "2023-12-13T01:21:40.815042Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5135",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.gentoo.org/show_bug.cgi?id=194039",
            "refsource": "MISC",
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
          },
          {
            "name": "HPSBUX02292",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:5337",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
          },
          {
            "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
          },
          {
            "name": "27205",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27205"
          },
          {
            "name": "27097",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27097"
          },
          {
            "name": "ADV-2008-2362",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2362"
          },
          {
            "name": "1018755",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018755"
          },
          {
            "name": "31489",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31489"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "FEDORA-2007-725",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
          },
          {
            "name": "RHSA-2007:1003",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
          },
          {
            "name": "29242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29242"
          },
          {
            "name": "MDKSA-2007:193",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1770",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1770"
          },
          {
            "name": "27186",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27186"
          },
          {
            "name": "27851",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27851"
          },
          {
            "name": "ADV-2008-2268",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "30124",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "name": "SUSE-SR:2008:005",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
          },
          {
            "name": "27394",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27394"
          },
          {
            "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
            "refsource": "OPENBSD",
            "url": "http://www.openbsd.org/errata41.html"
          },
          {
            "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10904",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
          },
          {
            "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
          },
          {
            "name": "31308",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31308"
          },
          {
            "name": "22130",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "name": "27031",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27031"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
          },
          {
            "name": "ADV-2007-3625",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3625"
          },
          {
            "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
          },
          {
            "name": "FreeBSD-SA-07:08",
            "refsource": "FREEBSD",
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
          },
          {
            "name": "USN-522-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/522-1/"
          },
          {
            "name": "ADV-2008-2361",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2361"
          },
          {
            "name": "27217",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27217"
          },
          {
            "name": "31467",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31467"
          },
          {
            "name": "27961",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27961"
          },
          {
            "name": "RHSA-2007:0964",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
          },
          {
            "name": "27870",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27870"
          },
          {
            "name": "25831",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25831"
          },
          {
            "name": "DSA-1379",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1379"
          },
          {
            "name": "ADV-2007-4042",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4042"
          },
          {
            "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
          },
          {
            "name": "27330",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27330"
          },
          {
            "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038",
            "refsource": "CONFIRM",
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
          },
          {
            "name": "30161",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "name": "GLSA-200805-07",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037",
            "refsource": "CONFIRM",
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
          },
          {
            "name": "28368",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28368"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1769",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1769"
          },
          {
            "name": "27012",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27012"
          },
          {
            "name": "3179",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3179"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
          },
          {
            "name": "27229",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27229"
          },
          {
            "name": "27051",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27051"
          },
          {
            "name": "31326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "27078",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27078"
          },
          {
            "name": "GLSA-200710-06",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "name": "SSRT071499",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
          },
          {
            "name": "NetBSD-SA2008-007",
            "refsource": "NETBSD",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20071012.txt",
            "refsource": "CONFIRM",
            "url": "http://www.openssl.org/news/secadv_20071012.txt"
          },
          {
            "name": "200858",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
          },
          {
            "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
            "refsource": "OPENBSD",
            "url": "http://www.openbsd.org/errata40.html"
          },
          {
            "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
            "refsource": "OPENBSD",
            "url": "http://www.openbsd.org/errata42.html"
          },
          {
            "name": "openssl-sslgetshared-bo(36837)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
          },
          {
            "name": "RHSA-2007:0813",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
          },
          {
            "name": "SUSE-SR:2007:020",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
          },
          {
            "name": "ADV-2007-3325",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3325"
          },
          {
            "name": "ADV-2007-4144",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4144"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
          },
          {
            "name": "ADV-2008-0064",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0064"
          },
          {
            "name": "27021",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27021"
          },
          {
            "name": "103130",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
          },
          {
            "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5135"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=194039",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=194039"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20071012.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.openssl.org/news/secadv_20071012.txt"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1769",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1769"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4037"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4038"
            },
            {
              "name": "DSA-1379",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1379"
            },
            {
              "name": "FEDORA-2007-725",
              "refsource": "FEDORA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html"
            },
            {
              "name": "FreeBSD-SA-07:08",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc"
            },
            {
              "name": "GLSA-200710-06",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
            },
            {
              "name": "MDKSA-2007:193",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"
            },
            {
              "name": "[4.0] 017: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "tags": [],
              "url": "http://www.openbsd.org/errata40.html"
            },
            {
              "name": "[4.1] 011: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "tags": [],
              "url": "http://www.openbsd.org/errata41.html"
            },
            {
              "name": "[4.2] 002: SECURITY FIX: October 10, 2007",
              "refsource": "OPENBSD",
              "tags": [],
              "url": "http://www.openbsd.org/errata42.html"
            },
            {
              "name": "RHSA-2007:0964",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0964.html"
            },
            {
              "name": "RHSA-2007:0813",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0813.html"
            },
            {
              "name": "RHSA-2007:1003",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1003.html"
            },
            {
              "name": "103130",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1"
            },
            {
              "name": "SUSE-SR:2007:020",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
            },
            {
              "name": "25831",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25831"
            },
            {
              "name": "1018755",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018755"
            },
            {
              "name": "27021",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27021"
            },
            {
              "name": "22130",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22130"
            },
            {
              "name": "27012",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27012"
            },
            {
              "name": "27051",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27051"
            },
            {
              "name": "27097",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27097"
            },
            {
              "name": "27078",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27078"
            },
            {
              "name": "27186",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27186"
            },
            {
              "name": "27205",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27205"
            },
            {
              "name": "27217",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27217"
            },
            {
              "name": "27330",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27330"
            },
            {
              "name": "27394",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27394"
            },
            {
              "name": "27229",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27229"
            },
            {
              "name": "27031",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27031"
            },
            {
              "name": "27870",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27870"
            },
            {
              "name": "27851",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27851"
            },
            {
              "name": "27961",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27961"
            },
            {
              "name": "3179",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3179"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
            },
            {
              "name": "28368",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28368"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
            },
            {
              "name": "SUSE-SR:2008:005",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
            },
            {
              "name": "29242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29242"
            },
            {
              "name": "200858",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1"
            },
            {
              "name": "GLSA-200805-07",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
            },
            {
              "name": "NetBSD-SA2008-007",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc"
            },
            {
              "name": "30124",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30124"
            },
            {
              "name": "30161",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30161"
            },
            {
              "name": "31489",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31489"
            },
            {
              "name": "31467",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31467"
            },
            {
              "name": "31308",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31308"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1770",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1770"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241"
            },
            {
              "name": "ADV-2008-2361",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2361"
            },
            {
              "name": "ADV-2007-4144",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4144"
            },
            {
              "name": "ADV-2007-4042",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4042"
            },
            {
              "name": "ADV-2008-0064",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0064"
            },
            {
              "name": "ADV-2007-3625",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3625"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "ADV-2007-3325",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3325"
            },
            {
              "name": "ADV-2008-2362",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2362"
            },
            {
              "name": "openssl-sslgetshared-bo(36837)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36837"
            },
            {
              "name": "oval:org.mitre.oval:def:5337",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337"
            },
            {
              "name": "oval:org.mitre.oval:def:10904",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904"
            },
            {
              "name": "USN-522-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/522-1/"
            },
            {
              "name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
            },
            {
              "name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
            },
            {
              "name": "HPSBUX02292",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484353/100/0/threaded"
            },
            {
              "name": "20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481506/100/0/threaded"
            },
            {
              "name": "20071003 FLEA-2007-0058-1 openssl openssl-scripts",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481488/100/0/threaded"
            },
            {
              "name": "20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481217/100/0/threaded"
            },
            {
              "name": "20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/480855/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:40Z",
      "publishedDate": "2007-09-27T20:17Z"
    }
  }
}

OPENSUSE-SU-2024:11125-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libopenssl-devel-1.1.1l-1.2 on GA media

Severity

Moderate

Notes

Title of the patch: libopenssl-devel-1.1.1l-1.2 on GA media

Description of the patch: These are all security issues fixed in the libopenssl-devel-1.1.1l-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-11125

CVE-2006-2937

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2006-2940

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2006-3738

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2006-4339

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2006-4343

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2007-3108

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2007-5135

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2008-0891

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2008-1672

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2016-7055

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2016-7056

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-3731

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-3732

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64	—	Vendor Fix

Threats

Impact low

References

75 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2006-2937/	self
https://www.suse.com/security/cve/CVE-2006-2940/	self
https://www.suse.com/security/cve/CVE-2006-3738/	self
https://www.suse.com/security/cve/CVE-2006-4339/	self
https://www.suse.com/security/cve/CVE-2006-4343/	self
https://www.suse.com/security/cve/CVE-2007-3108/	self
https://www.suse.com/security/cve/CVE-2007-5135/	self
https://www.suse.com/security/cve/CVE-2008-0891/	self
https://www.suse.com/security/cve/CVE-2008-1672/	self
https://www.suse.com/security/cve/CVE-2016-7055/	self
https://www.suse.com/security/cve/CVE-2016-7056/	self
https://www.suse.com/security/cve/CVE-2017-3731/	self
https://www.suse.com/security/cve/CVE-2017-3732/	self
https://www.suse.com/security/cve/CVE-2006-2937	external
https://bugzilla.suse.com/202366	external
https://bugzilla.suse.com/207635	external
https://bugzilla.suse.com/215623	external
https://www.suse.com/security/cve/CVE-2006-2940	external
https://bugzilla.suse.com/202366	external
https://bugzilla.suse.com/207635	external
https://bugzilla.suse.com/208971	external
https://bugzilla.suse.com/215623	external
https://bugzilla.suse.com/223040	external
https://bugzilla.suse.com/992991	external
https://www.suse.com/security/cve/CVE-2006-3738	external
https://bugzilla.suse.com/202366	external
https://bugzilla.suse.com/215623	external
https://www.suse.com/security/cve/CVE-2006-4339	external
https://bugzilla.suse.com/202366	external
https://bugzilla.suse.com/203595	external
https://bugzilla.suse.com/206636	external
https://bugzilla.suse.com/207635	external
https://bugzilla.suse.com/215623	external
https://bugzilla.suse.com/218303	external
https://bugzilla.suse.com/233584	external
https://bugzilla.suse.com/564512	external
https://www.suse.com/security/cve/CVE-2006-4343	external
https://bugzilla.suse.com/202366	external
https://bugzilla.suse.com/207635	external
https://bugzilla.suse.com/215623	external
https://www.suse.com/security/cve/CVE-2007-3108	external
https://bugzilla.suse.com/296511	external
https://www.suse.com/security/cve/CVE-2007-5135	external
https://bugzilla.suse.com/329208	external
https://bugzilla.suse.com/331726	external
https://bugzilla.suse.com/363663	external
https://www.suse.com/security/cve/CVE-2008-0891	external
https://bugzilla.suse.com/394317	external
https://bugzilla.suse.com/404511	external
https://www.suse.com/security/cve/CVE-2008-1672	external
https://bugzilla.suse.com/394317	external
https://bugzilla.suse.com/404511	external
https://www.suse.com/security/cve/CVE-2016-7055	external
https://bugzilla.suse.com/1009528	external
https://bugzilla.suse.com/1021641	external
https://www.suse.com/security/cve/CVE-2016-7056	external
https://bugzilla.suse.com/1005878	external
https://bugzilla.suse.com/1019334	external
https://bugzilla.suse.com/1148697	external
https://www.suse.com/security/cve/CVE-2017-3731	external
https://bugzilla.suse.com/1021641	external
https://bugzilla.suse.com/1022085	external
https://bugzilla.suse.com/1064118	external
https://bugzilla.suse.com/1064119	external
https://www.suse.com/security/cve/CVE-2017-3732	external
https://bugzilla.suse.com/1021641	external
https://bugzilla.suse.com/1022086	external
https://bugzilla.suse.com/1049418	external
https://bugzilla.suse.com/1049421	external
https://bugzilla.suse.com/1049422	external
https://bugzilla.suse.com/1066242	external
https://bugzilla.suse.com/1071906	external
https://bugzilla.suse.com/957814	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libopenssl-devel-1.1.1l-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libopenssl-devel-1.1.1l-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11125",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11125-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-2937 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-2937/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-2940 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-2940/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-3738 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-3738/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-4339 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-4339/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2006-4343 page",
        "url": "https://www.suse.com/security/cve/CVE-2006-4343/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-3108 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-3108/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-5135 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-5135/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2008-0891 page",
        "url": "https://www.suse.com/security/cve/CVE-2008-0891/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2008-1672 page",
        "url": "https://www.suse.com/security/cve/CVE-2008-1672/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7055 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7055/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7056 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7056/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-3731 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-3731/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-3732 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-3732/"
      }
    ],
    "title": "libopenssl-devel-1.1.1l-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11125-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.1.1l-1.2.aarch64",
                "product": {
                  "name": "libopenssl-devel-1.1.1l-1.2.aarch64",
                  "product_id": "libopenssl-devel-1.1.1l-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.1.1l-1.2.aarch64",
                "product": {
                  "name": "openssl-1.1.1l-1.2.aarch64",
                  "product_id": "openssl-1.1.1l-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.1.1l-1.2.ppc64le",
                "product": {
                  "name": "libopenssl-devel-1.1.1l-1.2.ppc64le",
                  "product_id": "libopenssl-devel-1.1.1l-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.1.1l-1.2.ppc64le",
                "product": {
                  "name": "openssl-1.1.1l-1.2.ppc64le",
                  "product_id": "openssl-1.1.1l-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.1.1l-1.2.s390x",
                "product": {
                  "name": "libopenssl-devel-1.1.1l-1.2.s390x",
                  "product_id": "libopenssl-devel-1.1.1l-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.1.1l-1.2.s390x",
                "product": {
                  "name": "openssl-1.1.1l-1.2.s390x",
                  "product_id": "openssl-1.1.1l-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl-devel-1.1.1l-1.2.x86_64",
                "product": {
                  "name": "libopenssl-devel-1.1.1l-1.2.x86_64",
                  "product_id": "libopenssl-devel-1.1.1l-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1.1.1l-1.2.x86_64",
                "product": {
                  "name": "openssl-1.1.1l-1.2.x86_64",
                  "product_id": "openssl-1.1.1l-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.1.1l-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64"
        },
        "product_reference": "libopenssl-devel-1.1.1l-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.1.1l-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le"
        },
        "product_reference": "libopenssl-devel-1.1.1l-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.1.1l-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x"
        },
        "product_reference": "libopenssl-devel-1.1.1l-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl-devel-1.1.1l-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64"
        },
        "product_reference": "libopenssl-devel-1.1.1l-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.1.1l-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64"
        },
        "product_reference": "openssl-1.1.1l-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.1.1l-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le"
        },
        "product_reference": "openssl-1.1.1l-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.1.1l-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x"
        },
        "product_reference": "openssl-1.1.1l-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1.1.1l-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        },
        "product_reference": "openssl-1.1.1l-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-2937",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-2937"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-2937",
          "url": "https://www.suse.com/security/cve/CVE-2006-2937"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 202366 for CVE-2006-2937",
          "url": "https://bugzilla.suse.com/202366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 207635 for CVE-2006-2937",
          "url": "https://bugzilla.suse.com/207635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 215623 for CVE-2006-2937",
          "url": "https://bugzilla.suse.com/215623"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2006-2937"
    },
    {
      "cve": "CVE-2006-2940",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-2940"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-2940",
          "url": "https://www.suse.com/security/cve/CVE-2006-2940"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 202366 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/202366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 207635 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/207635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 208971 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/208971"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 215623 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/215623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 223040 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/223040"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 992991 for CVE-2006-2940",
          "url": "https://bugzilla.suse.com/992991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2006-2940"
    },
    {
      "cve": "CVE-2006-3738",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-3738"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-3738",
          "url": "https://www.suse.com/security/cve/CVE-2006-3738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 202366 for CVE-2006-3738",
          "url": "https://bugzilla.suse.com/202366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 215623 for CVE-2006-3738",
          "url": "https://bugzilla.suse.com/215623"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2006-3738"
    },
    {
      "cve": "CVE-2006-4339",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-4339"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-4339",
          "url": "https://www.suse.com/security/cve/CVE-2006-4339"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 202366 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/202366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 203595 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/203595"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 206636 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/206636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 207635 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/207635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 215623 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/215623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 218303 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/218303"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 233584 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/233584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 564512 for CVE-2006-4339",
          "url": "https://bugzilla.suse.com/564512"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2006-4339"
    },
    {
      "cve": "CVE-2006-4343",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2006-4343"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2006-4343",
          "url": "https://www.suse.com/security/cve/CVE-2006-4343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 202366 for CVE-2006-4343",
          "url": "https://bugzilla.suse.com/202366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 207635 for CVE-2006-4343",
          "url": "https://bugzilla.suse.com/207635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 215623 for CVE-2006-4343",
          "url": "https://bugzilla.suse.com/215623"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2006-4343"
    },
    {
      "cve": "CVE-2007-3108",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-3108"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-3108",
          "url": "https://www.suse.com/security/cve/CVE-2007-3108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 296511 for CVE-2007-3108",
          "url": "https://bugzilla.suse.com/296511"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2007-3108"
    },
    {
      "cve": "CVE-2007-5135",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-5135"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-5135",
          "url": "https://www.suse.com/security/cve/CVE-2007-5135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 329208 for CVE-2007-5135",
          "url": "https://bugzilla.suse.com/329208"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 331726 for CVE-2007-5135",
          "url": "https://bugzilla.suse.com/331726"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 363663 for CVE-2007-5135",
          "url": "https://bugzilla.suse.com/363663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2007-5135"
    },
    {
      "cve": "CVE-2008-0891",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2008-0891"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2008-0891",
          "url": "https://www.suse.com/security/cve/CVE-2008-0891"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 394317 for CVE-2008-0891",
          "url": "https://bugzilla.suse.com/394317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 404511 for CVE-2008-0891",
          "url": "https://bugzilla.suse.com/404511"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2008-0891"
    },
    {
      "cve": "CVE-2008-1672",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2008-1672"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2008-1672",
          "url": "https://www.suse.com/security/cve/CVE-2008-1672"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 394317 for CVE-2008-1672",
          "url": "https://bugzilla.suse.com/394317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 404511 for CVE-2008-1672",
          "url": "https://bugzilla.suse.com/404511"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2008-1672"
    },
    {
      "cve": "CVE-2016-7055",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7055"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7055",
          "url": "https://www.suse.com/security/cve/CVE-2016-7055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1009528 for CVE-2016-7055",
          "url": "https://bugzilla.suse.com/1009528"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021641 for CVE-2016-7055",
          "url": "https://bugzilla.suse.com/1021641"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-7055"
    },
    {
      "cve": "CVE-2016-7056",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7056"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7056",
          "url": "https://www.suse.com/security/cve/CVE-2016-7056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019334 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1019334"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-7056",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7056"
    },
    {
      "cve": "CVE-2017-3731",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-3731"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-3731",
          "url": "https://www.suse.com/security/cve/CVE-2017-3731"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021641 for CVE-2017-3731",
          "url": "https://bugzilla.suse.com/1021641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022085 for CVE-2017-3731",
          "url": "https://bugzilla.suse.com/1022085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1064118 for CVE-2017-3731",
          "url": "https://bugzilla.suse.com/1064118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1064119 for CVE-2017-3731",
          "url": "https://bugzilla.suse.com/1064119"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-3731"
    },
    {
      "cve": "CVE-2017-3732",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-3732"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
          "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-3732",
          "url": "https://www.suse.com/security/cve/CVE-2017-3732"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021641 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1021641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022086 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1022086"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049418 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1049418"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049421 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1049421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049422 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1049422"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066242 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1066242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071906 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/1071906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 957814 for CVE-2017-3732",
          "url": "https://bugzilla.suse.com/957814"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:libopenssl-devel-1.1.1l-1.2.x86_64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.aarch64",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.ppc64le",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.s390x",
            "openSUSE Tumbleweed:openssl-1.1.1l-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-3732"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5135 (GCVE-0-2007-5135)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature