CVE-2007-4995

EPSS 9.18%
Veröffentlicht 13.10.2007 01:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 34

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version0.9.8

OpenSSL ≫ OpenSSL Version0.9.8a

OpenSSL ≫ OpenSSL Version0.9.8b

OpenSSL ≫ OpenSSL Version0.9.8c

OpenSSL ≫ OpenSSL Version0.9.8d

OpenSSL ≫ OpenSSL Version0.9.8e

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.18%	0.924

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

http://secunia.com/advisories/27271

Vendor Advisory

http://secunia.com/advisories/30161

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://secunia.com/advisories/27205

Vendor Advisory

http://secunia.com/advisories/30220

Vendor Advisory

http://www.debian.org/security/2008/dsa-1571

http://www.redhat.com/support/errata/RHSA-2007-0964.html

Vendor Advisory

http://secunia.com/advisories/27217

Vendor Advisory

http://www.openssl.org/news/secadv_20071012.txt

Patch

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html

http://bugs.gentoo.org/show_bug.cgi?id=195634

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773

http://secunia.com/advisories/25878

Vendor Advisory

http://secunia.com/advisories/27363

Vendor Advisory

http://secunia.com/advisories/27434

Vendor Advisory

http://secunia.com/advisories/27933

Vendor Advisory

http://secunia.com/advisories/28084

Vendor Advisory

http://secunia.com/advisories/30852

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200710-30.xml

http://securitytracker.com/id?1018810

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962

http://www.mandriva.com/security/advisories?name=MDKSA-2007:237

http://www.securityfocus.com/archive/1/482167/100/0/threaded

http://www.securityfocus.com/bid/26055

http://www.vupen.com/english/advisories/2007/3487

Vendor Advisory

http://www.vupen.com/english/advisories/2007/4219

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1937/references

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/37185

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288

https://usn.ubuntu.com/534-1/

https://nvd.nist.gov/vuln/detail/CVE-2007-4995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4995

EUVD