[openssl security] Off-by-one error in the DTLS implementation (CVE-2007-4995)
Bug #153085 reported by Matti Lindell
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssl (Ubuntu) | Fix Released | High | Kees Cook |
openssl097 (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
Binary package hint: openssl
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f and 0.9.7 allows remote attackers to execute arbitrary code via unspecified vectors. http://
I couldn't find a changelog entry describing CVE-2007-4995 as fixed, so it probably isn't yet.
Gutsy, Feisty, (Edgy) and Dapper are affected.
description: updated
Changed in openssl:
status: In Progress → Fix Committed
Changed in openssl:
importance: Undecided → High
status: Fix Committed → Fix Released
Thanks for the report! From what we've been able to tell, nothing is actually using the DTLS implementation yet, which makes this a less critical issue. But we will be releasing updates. :)