CVE-2007-4995
Summary
| CVE | CVE-2007-4995 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-13 01:17:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openssl | Openssl | 0.9.8 | All | All | All |
| Application | Openssl | Openssl | 0.9.8a | All | All | All |
| Application | Openssl | Openssl | 0.9.8b | All | All | All |
| Application | Openssl | Openssl | 0.9.8c | All | All | All |
| Application | Openssl | Openssl | 0.9.8d | All | All | All |
| Application | Openssl | Openssl | 0.9.8e | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mandriva update for openssl - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Support / Security / Advisories / / MDKSA-2007:237 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| HP-UX update for OpenSSL - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Debian OpenSSL Predictable Random Number Generator and Update - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| www.openssl.org/news/secadv_20071012.txt | af854a3a-2127-422b-91ae-364da2661108 | www.openssl.org | Patch |
| Gentoo Linux Documentation -- OpenSSL: Remote execution of arbitrary code | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| OpenSSL DTLS Heap Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SUSE Updates for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Gentoo update for openssl - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| Nortel Media Processing Server OpenSSL Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| USN-534-1: OpenSSL vulnerability | Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| Debian -- Security Information -- DSA-1571-1 openssl | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp | af854a3a-2127-422b-91ae-364da2661108 | h20000.www2.hp.com | |
| OpenSSL DTLS Implementation Vulnerability - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Linux Terminal Server Project: Multiple vulnerabilities — Gentoo Linux Documentation | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Ubuntu update for OpenSSL - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| [security-announce] SUSE Security Summary Report SUSE-SR:2007:021 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Gentoo Bug 195634 - dev-libs/openssl < 0.9.8f DTLS vulnerability (CVE-2007-4995) | af854a3a-2127-422b-91ae-364da2661108 | bugs.gentoo.org | |
| Nortel: Technical Support: Nortel Response to OpenSSL DTLS Heap Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | support.nortel.com | |
| Red Hat update for openssl - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| [SECURITY] Fedora Core 6 Update: openssl-0.9.8b-15.fc6 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Fedora update for openssl - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Gentoo ltsp Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| SecurityTracker.com Archives - OpenSSL DTLS Bug May Let Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-10-24 | Mark J Cox | This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available. http://rhn.redhat.com/cve/CVE-2007-4995.html Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8. |
Legacy QID Mappings
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)