Vulnerability details: VCID-k31u-myhz-aaan
Vulnerability ID VCID-k31u-myhz-aaan
Aliases CVE-2007-4995
VC-OPENSSL-20071012-CVE-2007-4995
Summary A flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:0964
epss 0.0918 https://api.first.org/data/v1/epss?cve=CVE-2007-4995
epss 0.09873 https://api.first.org/data/v1/epss?cve=CVE-2007-4995
epss 0.13953 https://api.first.org/data/v1/epss?cve=CVE-2007-4995
epss 0.17114 https://api.first.org/data/v1/epss?cve=CVE-2007-4995
epss 0.36080 https://api.first.org/data/v1/epss?cve=CVE-2007-4995
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=321191
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-4995
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=195634
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4995.json
https://api.first.org/data/v1/epss?cve=CVE-2007-4995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995
http://secunia.com/advisories/25878
http://secunia.com/advisories/27205
http://secunia.com/advisories/27217
http://secunia.com/advisories/27271
http://secunia.com/advisories/27363
http://secunia.com/advisories/27434
http://secunia.com/advisories/27933
http://secunia.com/advisories/28084
http://secunia.com/advisories/30161
http://secunia.com/advisories/30220
http://secunia.com/advisories/30852
http://security.gentoo.org/glsa/glsa-200710-30.xml
http://securitytracker.com/id?1018810
https://exchange.xforce.ibmcloud.com/vulnerabilities/37185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962
https://usn.ubuntu.com/534-1/
https://www.openssl.org/news/secadv/20071012.txt
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
http://www.debian.org/security/2008/dsa-1571
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:237
http://www.openssl.org/news/secadv_20071012.txt
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.securityfocus.com/archive/1/482167/100/0/threaded
http://www.securityfocus.com/bid/26055
http://www.vupen.com/english/advisories/2007/3487
http://www.vupen.com/english/advisories/2007/4219
http://www.vupen.com/english/advisories/2008/1937/references
321191 https://bugzilla.redhat.com/show_bug.cgi?id=321191
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
CVE-2007-4995 https://nvd.nist.gov/vuln/detail/CVE-2007-4995
GLSA-200710-30 https://security.gentoo.org/glsa/200710-30
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
RHSA-2007:0964 https://access.redhat.com/errata/RHSA-2007:0964
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-4995
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91922
EPSS Score 0.0918
Published At March 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.