CVE-2006-3738
Severity: Unknown | EPSS: 48.58%
CVE-2006-3738 is a vulnerability of currently unknown severity. Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. EPSS estimates a 48.58% chance of exploitation in the next 30 days.
Description
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.7 |
| Openssl | Openssl | 0.9.7a |
| Openssl | Openssl | 0.9.7b |
| Openssl | Openssl | 0.9.7c |
| Openssl | Openssl | 0.9.7d |
| Openssl | Openssl | 0.9.7e |
| Openssl | Openssl | 0.9.7f |
| Openssl | Openssl | 0.9.7g |
| Openssl | Openssl | 0.9.7h |
| Openssl | Openssl | 0.9.7i |
| Openssl | Openssl | 0.9.7j |
| Openssl | Openssl | 0.9.7k |
| Openssl | Openssl | 0.9.8 |
| Openssl | Openssl | 0.9.8a |
| Openssl | Openssl | 0.9.8b |
| Openssl | Openssl | 0.9.8c |
References
- http://secunia.com/advisories/22094 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22116 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22130 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22165 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22166 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22172 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22186 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22193 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22207 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22212 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22216 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22220 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22240 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22259 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22260 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22284 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22330 (Patch, Vendor Advisory)
- http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc (Patch, Vendor Advisory)
- http://www.debian.org/security/2006/dsa-1195 (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/547300 (US Government Resource)
- http://www.novell.com/linux/security/advisories/2006_24_sr.html (Patch, Vendor Advisory)
- http://www.novell.com/linux/security/advisories/2006_58_openssl.html (Patch, Vendor Advisory)
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html (Patch, Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html (US Government Resource)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2006-3738?
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
How severe is CVE-2006-3738?
Severity scoring for CVE-2006-3738 is pending analysis. The EPSS model estimates a 48.58% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3738?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
