CVE-2007-5135

Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 27 Sept 2007, 20:00
Last modified:07 Aug 2024, 15:17

Vulnerability Summary

Overall Risk (default)
medium
38/100
CVSS Score
6.8 MEDIUM
v2.0 (nvd)
EPSS Score
53.12% CRITICAL
53% probability +6.23%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Sept 2007, 20:00
Published
Vulnerability first disclosed
07 Aug 2024, 15:17
Last Modified
Vulnerability information updated

Description

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

CVSS Metrics

  • v2.0MEDIUMScore: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 53.12% Percentile: 98%

Techniques & Countermeasures

  • CWE-189Numeric Errors

    Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

  • UnknownOpenSSL

    0.9.7 | 0.9.7:beta1 | 0.9.7:beta2 | 0.9.7:beta3 | 0.9.7:beta4 | 0.9.7:beta5 | 0.9.7:beta6 | 0.9.7a | 0.9.7b | 0.9.7c | 0.9.7d | 0.9.7e | 0.9.7f | 0.9.7g | 0.9.7h | 0.9.7i | 0.9.7j | 0.9.7k | 0.9.7l | 0.9.8 | 0.9.8a | 0.9.8b | 0.9.8c | 0.9.8d | 0.9.8e | 0.9.8f

References (75)