Threat Encyclopedia



This indicates an attempt to exploit a Buffer Overflow vulnerability in OpenSSL.
The vulnerability is a result of errors in the "SSL_get_shared_ciphers()" function. An attacker with the ability to supply a specially crafted list of ciphers can execute code in the context of the application using the vulnerable function.

Affected Products

OpenSSL 0.9.7 before 0.9.7l
OpenSSL 0.9.8 before 0.9.8d, and earlier versions.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to OpenSSL 0.9.8d or 0.9.7l, or to the most recent version.
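
To find hosts that still need this upgrade, the banner printed by `openssl version` can be compared against the fixed releases listed above. The following is an added example, not part of the original entry; the function names are hypothetical, the sample banners are constructed, and it assumes "and earlier versions" means branches older than 0.9.7.

```python
import re

# Fixed releases named in this entry, keyed by branch (major, minor, fix).
FIXED = {(0, 9, 7): "l", (0, 9, 8): "d"}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Split an `openssl version` banner into ((major, minor, fix), patch_letters)."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def _patch_key(letters):
    # Patch letters order as "" < "a" < ... < "z" < "za" < ...,
    # so compare by length first and alphabetically second.
    return (len(letters), letters)


def classify(banner):
    """Return 'affected', 'fixed' or 'not-listed' for one banner."""
    branch, patch = parse_version(banner)
    if branch in FIXED:
        below_fix = _patch_key(patch) < _patch_key(FIXED[branch])
        return "affected" if below_fix else "fixed"
    # Assumption: "and earlier versions" covers branches older than 0.9.7.
    if branch < (0, 9, 7):
        return "affected"
    # Newer branches are not mentioned in this entry.
    return "not-listed"


def audit(inventory):
    """Map host -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and banners).
    sample = {
        "web01": "OpenSSL 0.9.8c",
        "web02": "OpenSSL 0.9.8d",
        "mail01": "OpenSSL 0.9.7k",
        "old01": "OpenSSL 0.9.6m",
    }
    for host, state in sorted(audit(sample).items()):
        print(host, state)
```

Here "fixed" means only that the version is at or beyond the fix release named in this entry for its branch.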

CVE References

CVE-2007-5135, CVE-2006-3738