Title : OpenSSL "SSL_Get_Shared_Ciphers()" Off-by-One Buffer Overflow Issue
VUPEN ID : VUPEN/ADV-2007-3325
CVE ID : CVE-2007-5135
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-10-02
Technical Description
A vulnerability has been identified in OpenSSL that attackers could exploit to cause a denial of service or potentially execute arbitrary commands. The issue is caused by an off-by-one buffer overflow in the "SSL_get_shared_ciphers()" function [ssl/ssl_lib.c], which could be used to crash an affected application or potentially compromise a vulnerable server.
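The bug class described above, as an added illustration that is not part of the original advisory and is not the code from ssl/ssl_lib.c: a simplified routine that joins names with ':' into a caller-supplied buffer, first with a length check that forgets the trailing byte, then with the check corrected. The function names, the sample names and the guard-byte harness are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
typedef char *(*joiner)(const char *const *names, size_t count, char *buf, size_t len);

/* Flawed (hypothetical): checks room for the name only, so the ':' that
 * later becomes the '\0' can be written at buf[len], one past the end. */
char *join_off_by_one(const char *const *names, size_t count, char *buf, size_t len)
{
    size_t used = 0;
    if (len < 2) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (used + n > len) break;        /* BUG: no byte reserved for ':' or '\0' */
        memcpy(buf + used, names[i], n);
        used += n;
        buf[used++] = ':';
    }
    buf[used ? used - 1 : 0] = '\0';      /* last ':' becomes the terminator */
    return buf;
}

/* Hardened: copy a name only if the name plus one trailing byte still fit. */
char *join_hardened(const char *const *names, size_t count, char *buf, size_t len)
{
    size_t used = 0;
    if (len < 2) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (n + 1 > len - used) break;    /* keeps used <= len at all times */
        memcpy(buf + used, names[i], n);
        used += n;
        buf[used++] = ':';
    }
    buf[used ? used - 1 : 0] = '\0';
    return buf;
}

const char *const SAMPLE[] = { "AES", "RC4", "DES" };   /* constructed input */
/* The caller's buffer is arena[0..len-1]; arena[len] is a guard byte in the
 * same array, so a one-byte overrun is observable without undefined behaviour. */
int guard_intact(joiner fn, size_t len)
{
    char arena[64];
    if (len + 1 > sizeof arena) return -1;
    memset(arena, 0x7e, sizeof arena);
    fn(SAMPLE, 3, arena, len);
    return (unsigned char)arena[len] == 0x7e;
}
int main(void) { return guard_intact(join_hardened, 7) == 1 ? 0 : 1; }
```

The flawed check only misbehaves when the copied names end exactly at the buffer boundary (here `len` 7), which is why an off-by-one of this kind can pass ordinary testing.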