Bug 305811 - CVE-NONE openssl single byte overflow in SSL_get_shared_ciphers
Summary: CVE-NONE openssl single byte overflow in SSL_get_shared_ciphers
Keywords:
Status: CLOSED DUPLICATE of bug 309801
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-25 18:34 UTC by Mark J. Cox
Modified: 2007-09-27 19:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-27 19:40:38 UTC
Embargoed:


Attachments (Terms of Use)

Description Mark J. Cox 2007-09-25 18:34:34 UTC
The following upstream commit was made this week:
http://cvs.openssl.org/chngview?cn=16587

This appears to be a single byte overflow, similar to the overflow in
SSL_get_shared_ciphers() fixed by CVE-2006-3738 (but this time limited to a
single NUL overflow).

Comment 1 Mark J. Cox 2007-09-27 19:40:38 UTC

*** This bug has been marked as a duplicate of 309801 ***


Note You need to log in before you can comment on or make changes to this bug.