What is CVE-2006-3738?

CVE-2006-3738 is a vulnerability in N/a. Published 2006-09-28.

Is CVE-2006-3738 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2006-3738

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

EPSS: 0.537 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

MDKSA-2006:172 (vendor-advisory, x_refsource_MANDRIVA)
22212 (x_refsource_SECUNIA, third-party-advisory)
ADV-2006-4750 (vdb-entry, x_refsource_VUPEN)
www.vmware.com/support/esx21/doc/esx-213-200612-patch.html (x_refsource_CONFIRM)
23915 (x_refsource_SECUNIA, third-party-advisory)
HPSBMA02250 (x_refsource_HP, vendor-advisory)
1016943 (vdb-entry, x_refsource_SECTRACK)
23038 (x_refsource_SECUNIA, third-party-advisory)
2006-0054 (vendor-advisory, x_refsource_TRUSTIX)
DSA-1195 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2006-3738?: CVE-2006-3738 is a vulnerability in N/a. Published 2006-09-28.
Is CVE-2006-3738 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.