Description
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.