CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-3738

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile13.24th
Published2006年9月28日
Last Modified2026年4月23日

Vulnerability Description

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.

Affected Platforms (CPE)

📦
Openssl

Openssl

= 0.9.7
📦
Openssl

Openssl

= 0.9.7a
📦
Openssl

Openssl

= 0.9.7b
📦
Openssl

Openssl

= 0.9.7c
📦
Openssl

Openssl

= 0.9.7d
📦
Openssl

Openssl

= 0.9.7e
📦
Openssl

Openssl

= 0.9.7f
📦
Openssl

Openssl

= 0.9.7g
📦
Openssl

Openssl

= 0.9.7h
📦
Openssl

Openssl

= 0.9.7i
📦
Openssl

Openssl

= 0.9.7j
📦
Openssl

Openssl

= 0.9.7k
📦
Openssl

Openssl

= 0.9.8
📦
Openssl

Openssl

= 0.9.8a
📦
Openssl

Openssl

= 0.9.8b
📦
Openssl

Openssl

= 0.9.8c

References & Advisories

🔗 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
🔗 ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
🔗 http://docs.info.apple.com/article.html?artnum=304829
🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
🔗 http://issues.rpath.com/browse/RPL-613
🔗 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
🔗 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
🔗 http://kolab.org/security/kolab-vendor-notice-11.txt

関連する脆弱性情報

CVE-2009-324510.0

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/...

CVE-2004-060710.0

The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could ...

CVE-2019-102119.8

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code ...

CVE-2018-209979.8

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.