What is CVE-2007-5135?

CVE-2007-5135 is a vulnerability in N/a. Published 2007-09-27.

Is CVE-2007-5135 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: th…

EPSS: 0.531 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

bugs.gentoo.org/show_bug.cgi (x_refsource_MISC)
HPSBUX02292 (x_refsource_HP, vendor-advisory)
oval:org.mitre.oval:def:5337 (x_refsource_OVAL, signature, vdb-entry)
20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (mailing-list, x_refsource_BUGTRAQ)
wiki.rpath.com/wiki/Advisories:rPSA-2008-0241 (x_refsource_CONFIRM)
27205 (x_refsource_SECUNIA, third-party-advisory)
27097 (x_refsource_SECUNIA, third-party-advisory)
ADV-2008-2362 (vdb-entry, x_refsource_VUPEN)
1018755 (vdb-entry, x_refsource_SECTRACK)
31489 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2007-5135?: CVE-2007-5135 is a vulnerability in N/a. Published 2007-09-27.
Is CVE-2007-5135 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.