Unrated severityNVD Advisory· Published Sep 27, 2007· Updated Jun 16, 2026
CVE-2007-5135
CVE-2007-5135
Description
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
- (no CPE)range: 0.9.7 - 0.9.7l, 0.9.8 - 0.9.8f
- osv-coords2 versionspkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed
< 1.0.2u-6.2+ 1 more
- (no CPE)range: < 1.0.2u-6.2
- (no CPE)range: < 1.1.1l-1.2
Patches
Vulnerability mechanics
References
75- secunia.com/advisories/22130nvdVendor Advisory
- secunia.com/advisories/27012nvdVendor Advisory
- secunia.com/advisories/27021nvdVendor Advisory
- secunia.com/advisories/27031nvdVendor Advisory
- secunia.com/advisories/27051nvdVendor Advisory
- secunia.com/advisories/27078nvdVendor Advisory
- secunia.com/advisories/27097nvdVendor Advisory
- secunia.com/advisories/27186nvdVendor Advisory
- secunia.com/advisories/27205nvdVendor Advisory
- secunia.com/advisories/27217nvdVendor Advisory
- secunia.com/advisories/27229nvdVendor Advisory
- secunia.com/advisories/27330nvdVendor Advisory
- secunia.com/advisories/27394nvdVendor Advisory
- secunia.com/advisories/27851nvdVendor Advisory
- secunia.com/advisories/27870nvdVendor Advisory
- secunia.com/advisories/27961nvdVendor Advisory
- secunia.com/advisories/28368nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0813.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-0964.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2007-1003.htmlnvdVendor Advisory
- www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.htmlnvdVendor Advisory
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.ascnvd
- lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlnvd
- lists.vmware.com/pipermail/security-announce/2008/000002.htmlnvd
- secunia.com/advisories/29242nvd
- secunia.com/advisories/30124nvd
- secunia.com/advisories/30161nvd
- secunia.com/advisories/31308nvd
- secunia.com/advisories/31326nvd
- secunia.com/advisories/31467nvd
- secunia.com/advisories/31489nvd
- security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.ascnvd
- security.gentoo.org/glsa/glsa-200710-06.xmlnvd
- securityreason.com/securityalert/3179nvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2007-485.htmnvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0241nvd
- www.debian.org/security/2007/dsa-1379nvd
- www.gentoo.org/security/en/glsa/glsa-200805-07.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2007_20_sr.htmlnvd
- www.openbsd.org/errata40.htmlnvd
- www.openbsd.org/errata41.htmlnvd
- www.openbsd.org/errata42.htmlnvd
- www.openssl.org/news/secadv_20071012.txtnvd
- www.securityfocus.com/archive/1/480855/100/0/threadednvd
- www.securityfocus.com/archive/1/481217/100/0/threadednvd
- www.securityfocus.com/archive/1/481488/100/0/threadednvd
- www.securityfocus.com/archive/1/481506/100/0/threadednvd
- www.securityfocus.com/archive/1/484353/100/0/threadednvd
- www.securityfocus.com/archive/1/485936/100/0/threadednvd
- www.securityfocus.com/archive/1/486859/100/0/threadednvd
- www.securityfocus.com/bid/25831nvd
- www.securitytracker.com/idnvd
- www.vmware.com/security/advisories/VMSA-2008-0001.htmlnvd
- www.vmware.com/security/advisories/VMSA-2008-0013.htmlnvd
- www.vupen.com/english/advisories/2007/3325nvd
- www.vupen.com/english/advisories/2007/3625nvd
- www.vupen.com/english/advisories/2007/4042nvd
- www.vupen.com/english/advisories/2007/4144nvd
- www.vupen.com/english/advisories/2008/0064nvd
- www.vupen.com/english/advisories/2008/2268nvd
- www.vupen.com/english/advisories/2008/2361nvd
- www.vupen.com/english/advisories/2008/2362nvd
- www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjdnvd
- www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjdnvd
- bugs.gentoo.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36837nvd
- issues.rpath.com/browse/RPL-1769nvd
- issues.rpath.com/browse/RPL-1770nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337nvd
- usn.ubuntu.com/522-1/nvd
News mentions
0No linked articles in our index yet.