NVD
- Id
- 57218
- Name
- CVE-2007-5135
- Description
- Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
- Reject
- CVSS Version
- 2
- CVSS Score
- 6.8
- Severity
- Medium
- CVSS Base Score
- 6.8
- CVSS Impact Subscore
- 6.4
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:P/I:P/A:P)
- Pub Date
- 2017-01-07
- Published
- 2007-09-27
- Modified Date
- 2011-08-29
- Seq
- 2007-5135
Related NVD References
| Id | NVD Id | NVD No. | Reference | Actions |
|---|---|---|---|---|
| 292150 | 57218 | CVE-2007-5135 | NetBSD-SA2008-007 | View |
| 292151 | 57218 | CVE-2007-5135 | APPLE-SA-2008-07-31 | View |
| 292152 | 57218 | CVE-2007-5135 | SUSE-SR:2008:005 | View |
| 292153 | 57218 | CVE-2007-5135 | [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages | View |
| 292154 | 57218 | CVE-2007-5135 | oval:org.mitre.oval:def:10904 | View |
| 292155 | 57218 | CVE-2007-5135 | oval:org.mitre.oval:def:5337 | View |
| 292156 | 57218 | CVE-2007-5135 | FreeBSD-SA-07:08 | View |
| 292157 | 57218 | CVE-2007-5135 | GLSA-200710-06 | View |
| 292158 | 57218 | CVE-2007-5135 | 3179 | View |
| 292159 | 57218 | CVE-2007-5135 | 103130 | View |
| 292160 | 57218 | CVE-2007-5135 | 200858 | View |
| 292161 | 57218 | CVE-2007-5135 | http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm | View |
| 292162 | 57218 | CVE-2007-5135 | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241 | View |
| 292163 | 57218 | CVE-2007-5135 | DSA-1379 | View |
| 292164 | 57218 | CVE-2007-5135 | GLSA-200805-07 | View |
| 292165 | 57218 | CVE-2007-5135 | MDKSA-2007:193 | View |
| 292166 | 57218 | CVE-2007-5135 | SUSE-SR:2007:020 | View |
| 292167 | 57218 | CVE-2007-5135 | [4.0] 017: SECURITY FIX: October 10, 2007 | View |
| 292168 | 57218 | CVE-2007-5135 | [4.1] 011: SECURITY FIX: October 10, 2007 | View |
| 292169 | 57218 | CVE-2007-5135 | [4.2] 002: SECURITY FIX: October 10, 2007 | View |
| 292170 | 57218 | CVE-2007-5135 | http://www.openssl.org/news/secadv_20071012.txt | View |
| 292171 | 57218 | CVE-2007-5135 | RHSA-2007:0813 | View |
| 292172 | 57218 | CVE-2007-5135 | RHSA-2007:0964 | View |
| 292173 | 57218 | CVE-2007-5135 | RHSA-2007:1003 | View |
| 292174 | 57218 | CVE-2007-5135 | 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow | View |
| 292175 | 57218 | CVE-2007-5135 | 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow | View |
| 292176 | 57218 | CVE-2007-5135 | 20071003 FLEA-2007-0058-1 openssl openssl-scripts | View |
| 292177 | 57218 | CVE-2007-5135 | 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow | View |
| 292178 | 57218 | CVE-2007-5135 | SSRT071499 | View |
| 292179 | 57218 | CVE-2007-5135 | 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages | View |
| 292180 | 57218 | CVE-2007-5135 | 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages | View |
| 292181 | 57218 | CVE-2007-5135 | 25831 | View |
| 292182 | 57218 | CVE-2007-5135 | 1018755 | View |
| 292183 | 57218 | CVE-2007-5135 | USN-522-1 | View |
| 292184 | 57218 | CVE-2007-5135 | http://www.vmware.com/security/advisories/VMSA-2008-0001.html | View |
| 292185 | 57218 | CVE-2007-5135 | http://www.vmware.com/security/advisories/VMSA-2008-0013.html | View |
| 292186 | 57218 | CVE-2007-5135 | ADV-2007-3325 | View |
| 292187 | 57218 | CVE-2007-5135 | ADV-2007-3625 | View |
| 292188 | 57218 | CVE-2007-5135 | ADV-2007-4042 | View |
| 292189 | 57218 | CVE-2007-5135 | ADV-2007-4144 | View |
| 292190 | 57218 | CVE-2007-5135 | ADV-2008-0064 | View |
| 292191 | 57218 | CVE-2007-5135 | ADV-2008-2268 | View |
| 292192 | 57218 | CVE-2007-5135 | ADV-2008-2361 | View |
| 292193 | 57218 | CVE-2007-5135 | ADV-2008-2362 | View |
| 292194 | 57218 | CVE-2007-5135 | http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037 | View |
| 292195 | 57218 | CVE-2007-5135 | http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 | View |
| 292196 | 57218 | CVE-2007-5135 | openssl-sslgetshared-bo(36837) | View |
| 292197 | 57218 | CVE-2007-5135 | https://bugs.gentoo.org/show_bug.cgi?id=194039 | View |
| 292198 | 57218 | CVE-2007-5135 | https://issues.rpath.com/browse/RPL-1769 | View |
| 292199 | 57218 | CVE-2007-5135 | https://issues.rpath.com/browse/RPL-1770 | View |
| 292200 | 57218 | CVE-2007-5135 | FEDORA-2007-725 | View |
Related JVN
| Id | Name | Title | Summary | Cveinfo Name | Cveinfo Id | Nvdinfo Name | Nvdinfo Id | Cvssv2 | Cvssv3 | Jvnurl | Published Date | Last Updated Date | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 52112 | JVNDB-2007-000775 | OpenSSL の SSL_get_shared_ciphers() 関数における一つずれエラーの脆弱性 | OpenSSL の SSL_get_shared_ciphers() 関数には、一つずれ (off-by-one) エラーによる、1byte バッファアンダーフローが発生する脆弱性が存在します。 | CVE-2007-5135 | 28490 | CVE-2007-5135 | 57218 | 6.8 | http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000775.html | 2007-10-12 | 2010-01-05 | View |
