Vulnerability Description
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.7 |
Related Weaknesses (CWE)
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://docs.info.apple.com/article.html?artnum=304829
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
- http://issues.rpath.com/browse/RPL-613
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
- http://kolab.org/security/kolab-vendor-notice-11.txtPatch
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.htmlPatch
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://openbsd.org/errata.html#openssl2Patch
- http://openvpn.net/changelog.htmlPatch
- http://secunia.com/advisories/22094PatchVendor Advisory
- http://secunia.com/advisories/22116PatchVendor Advisory
FAQ
What is CVE-2006-3738?
CVE-2006-3738 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list ...
How severe is CVE-2006-3738?
CVE-2006-3738 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3738?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl.