[Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

Kurt Roeckx kurt at roeckx.be
Fri Sep 28 17:24:52 UTC 2007


On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote:
> > Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL
> > 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary
> > code via a crafted packet that triggers a one-byte buffer underflow.

So, it seems to be that CVE-2006-3738 didn't properly fix things.


Kurt





