Lucene search

K
opensslOpenSSLOPENSSL:CVE-2006-3738
HistorySep 28, 2006 - 12:00 a.m.

Vulnerability in OpenSSL - SSL_get_shared_ciphers() buffer overflow

2006-09-2800:00:00
www.openssl-library.org
46

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.964

Percentile

99.6%

A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer.

Found by openssl.

Affected configurations

Vulners
Node
opensslopensslRange0.9.7–0.9.7l
OR
opensslopensslRange0.9.8–0.9.8d
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.964

Percentile

99.6%