製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSSL の SSL_get_shared_ciphers() 関数における一つずれエラーの脆弱性

Title	OpenSSL の SSL_get_shared_ciphers() 関数における一つずれエラーの脆弱性
Summary	OpenSSL の SSL_get_shared_ciphers() 関数には、一つずれ (off-by-one) エラーによる、1byte バッファアンダーフローが発生する脆弱性が存在します。
Possible impacts	第三者により巧妙に作成されたパケットにより任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 12, 2007, midnight
Registration Date	Oct. 24, 2007, 3:52 p.m.
Last Update	Jan. 5, 2010, 1:31 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

サン・マイクロシステムズ

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

OpenSSL Project

OpenSSL 0.9.7 から 0.9.7m のバージョン

OpenSSL 0.9.8 から 0.9.8f 未満のバージョン

ターボリナックス

Turbolinux Appliance Server 1.0 (hosting)

Turbolinux Appliance Server 1.0 (workgroup)

Turbolinux Appliance Server 2.0

Turbolinux FUJI

Turbolinux Multimedia

Turbolinux Personal

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

Turbolinux Server 8

wizpy

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5.4

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-5135	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
National Vulnerability Database (NVD)
2	CVE-2007-5135	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	Security Update 2008-005	http://support.apple.com/kb/HT2647
Apple セキュリティアップデート
2	Security Update 2008-005	http://support.apple.com/kb/HT2647?viewlocale=ja_JP
HP Security Bulletin
3	HPSBUX02292	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01290398
HP セキュリティ報告
4	HPSBUX02292	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02292.html
MIRACLE LINUX アップデート情報
5	openssl (V2.x/V3.0)	http://www.miraclelinux.com/support/update/list.php?errata_id=1149
6	openssl (V4.0)	http://www.miraclelinux.com/support/update/list.php?errata_id=1189
OpenSSL Security Advisory
7	secadv_20071012	http://www.openssl.org/news/secadv_20071012.txt
Red Hat Security Advisory
8	RHSA-2007:0813	https://rhn.redhat.com/errata/RHSA-2007-0813.html
9	RHSA-2007:0964	https://rhn.redhat.com/errata/RHSA-2007-0964.html
10	RHSA-2007:1003	https://rhn.redhat.com/errata/RHSA-2007-1003.html
Sun Alert Notification
11	200858	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
Turbolinux Security Advisory (英語)
12	TLSA-2007-52	http://www.turbolinux.com/security/2007/TLSA-2007-52.txt
レッドハットセキュリティーアップデート
13	RHSA-2007:0813	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0813J.html
14	RHSA-2007:0964	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0964J.html
15	RHSA-2007:1003	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-1003J.html
製品セキュリティ情報
16	TLSA-2007-52	http://www.turbolinux.co.jp/security/2007/TLSA-2007-52j.txt

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2007-3325	http://www.frsirt.com/english/advisories/2007/3325
Secunia Advisory
2	SA22130	http://secunia.com/advisories/22130/
SecurityFocus
3	25831	http://www.securityfocus.com/bid/25831

Change Log

No	Changed Details	Date of change
0	[2007年10月24日] 掲載 [2007年11月02日] 影響を受けるシステム：サン・マイクロシステムズ (103130) の情報追加。影響を受けるシステム：ミラクル・リナックス (openssl (V2.x/V3.0)) の情報追加。ベンダ情報：サン・マイクロシステムズ（103130）追加。ベンダ情報: ミラクル・リナックス (openssl (V2.x/V3.0)) 追加。 [2007年12月03日] 影響を受けるシステム：ターボリナックス (TLSA-2007-52) の情報追加。影響を受けるシステム：レッドハット (RHSA-2007:1003) の情報追加。影響を受けるシステム：ヒューレット・パッカード (HPSBUX02292) の情報追加。ベンダ情報：ターボリナックス (TLSA-2007-52) 追加。ベンダ情報：レッドハット (RHSA-2007:1003) 追加。ベンダ情報：ヒューレット・パッカード (HPSBUX02292) 追加。 [2007年12月19日] 影響を受けるシステム：ミラクル・リナックス (openssl (V4.0)) の情報追加。ベンダ情報: ミラクル・リナックス (openssl (V4.0)) 追加。 [2008年09月02日] 影響を受けるシステム：アップル（Security Update 2008-005）の情報を追加ベンダ情報：アップル（Security Update 2008-005）を追加 [2010年01月05日] 影響を受けるシステム：OpenSSL Project の情報を修正	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-5135

Summary	Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Summary	Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un paquete diseñado que desencadena un subdesbordamiento de búfer de un byte. NOTA: este problema fue introducido como resultado de una corrección para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecución de código.
Publication Date	Sept. 28, 2007, 5:17 a.m.
Registration Date	Jan. 29, 2021, 2:20 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc	cve@mitre.org
2	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html	cve@mitre.org
3	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	cve@mitre.org
4	http://lists.vmware.com/pipermail/security-announce/2008/000002.html	cve@mitre.org
5	http://secunia.com/advisories/22130	cve@mitre.org
6	http://secunia.com/advisories/27012	cve@mitre.org
7	http://secunia.com/advisories/27021	cve@mitre.org
8	http://secunia.com/advisories/27031	cve@mitre.org
9	http://secunia.com/advisories/27051	cve@mitre.org
10	http://secunia.com/advisories/27078	cve@mitre.org
11	http://secunia.com/advisories/27097	cve@mitre.org
12	http://secunia.com/advisories/27186	cve@mitre.org
13	http://secunia.com/advisories/27205	cve@mitre.org
14	http://secunia.com/advisories/27217	cve@mitre.org
15	http://secunia.com/advisories/27229	cve@mitre.org
16	http://secunia.com/advisories/27330	cve@mitre.org
17	http://secunia.com/advisories/27394	cve@mitre.org
18	http://secunia.com/advisories/27851	cve@mitre.org
19	http://secunia.com/advisories/27870	cve@mitre.org
20	http://secunia.com/advisories/27961	cve@mitre.org
21	http://secunia.com/advisories/28368	cve@mitre.org
22	http://secunia.com/advisories/29242	cve@mitre.org
23	http://secunia.com/advisories/30124	cve@mitre.org
24	http://secunia.com/advisories/30161	cve@mitre.org
25	http://secunia.com/advisories/31308	cve@mitre.org
26	http://secunia.com/advisories/31326	cve@mitre.org
27	http://secunia.com/advisories/31467	cve@mitre.org
28	http://secunia.com/advisories/31489	cve@mitre.org
29	http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc	cve@mitre.org
30	http://security.gentoo.org/glsa/glsa-200710-06.xml	cve@mitre.org
31	http://securityreason.com/securityalert/3179	cve@mitre.org
32	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1	cve@mitre.org
33	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1	cve@mitre.org
34	http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm	cve@mitre.org
35	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241	cve@mitre.org
36	http://www.debian.org/security/2007/dsa-1379	cve@mitre.org
37	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	cve@mitre.org
38	http://www.mandriva.com/security/advisories?name=MDKSA-2007:193	cve@mitre.org
39	http://www.novell.com/linux/security/advisories/2007_20_sr.html	cve@mitre.org
40	http://www.openbsd.org/errata40.html	cve@mitre.org
41	http://www.openbsd.org/errata41.html	cve@mitre.org
42	http://www.openbsd.org/errata42.html	cve@mitre.org
43	http://www.openssl.org/news/secadv_20071012.txt	cve@mitre.org
44	http://www.redhat.com/support/errata/RHSA-2007-0813.html	cve@mitre.org
45	http://www.redhat.com/support/errata/RHSA-2007-0964.html	cve@mitre.org
46	http://www.redhat.com/support/errata/RHSA-2007-1003.html	cve@mitre.org
47	http://www.securityfocus.com/archive/1/480855/100/0/threaded	cve@mitre.org
48	http://www.securityfocus.com/archive/1/481217/100/0/threaded	cve@mitre.org
49	http://www.securityfocus.com/archive/1/481488/100/0/threaded	cve@mitre.org
50	http://www.securityfocus.com/archive/1/481506/100/0/threaded	cve@mitre.org
51	http://www.securityfocus.com/archive/1/484353/100/0/threaded	cve@mitre.org
52	http://www.securityfocus.com/archive/1/485936/100/0/threaded	cve@mitre.org
53	http://www.securityfocus.com/archive/1/486859/100/0/threaded	cve@mitre.org
54	http://www.securityfocus.com/bid/25831	cve@mitre.org
55	http://www.securitytracker.com/id?1018755	cve@mitre.org
56	http://www.vmware.com/security/advisories/VMSA-2008-0001.html	cve@mitre.org
57	http://www.vmware.com/security/advisories/VMSA-2008-0013.html	cve@mitre.org
58	http://www.vupen.com/english/advisories/2007/3325	cve@mitre.org
59	http://www.vupen.com/english/advisories/2007/3625	cve@mitre.org
60	http://www.vupen.com/english/advisories/2007/4042	cve@mitre.org
61	http://www.vupen.com/english/advisories/2007/4144	cve@mitre.org
62	http://www.vupen.com/english/advisories/2008/0064	cve@mitre.org
63	http://www.vupen.com/english/advisories/2008/2268	cve@mitre.org
64	http://www.vupen.com/english/advisories/2008/2361	cve@mitre.org
65	http://www.vupen.com/english/advisories/2008/2362	cve@mitre.org
66	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037	cve@mitre.org
67	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038	cve@mitre.org
68	https://bugs.gentoo.org/show_bug.cgi?id=194039	cve@mitre.org
69	https://exchange.xforce.ibmcloud.com/vulnerabilities/36837	cve@mitre.org
70	https://issues.rpath.com/browse/RPL-1769	cve@mitre.org
71	https://issues.rpath.com/browse/RPL-1770	cve@mitre.org
72	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904	cve@mitre.org
73	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337	cve@mitre.org
74	https://usn.ubuntu.com/522-1/	cve@mitre.org
75	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	cve@mitre.org
76	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc	af854a3a-2127-422b-91ae-364da2661108
77	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html	af854a3a-2127-422b-91ae-364da2661108
78	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
79	http://lists.vmware.com/pipermail/security-announce/2008/000002.html	af854a3a-2127-422b-91ae-364da2661108
80	http://secunia.com/advisories/22130	af854a3a-2127-422b-91ae-364da2661108
81	http://secunia.com/advisories/27012	af854a3a-2127-422b-91ae-364da2661108
82	http://secunia.com/advisories/27021	af854a3a-2127-422b-91ae-364da2661108
83	http://secunia.com/advisories/27031	af854a3a-2127-422b-91ae-364da2661108
84	http://secunia.com/advisories/27051	af854a3a-2127-422b-91ae-364da2661108
85	http://secunia.com/advisories/27078	af854a3a-2127-422b-91ae-364da2661108
86	http://secunia.com/advisories/27097	af854a3a-2127-422b-91ae-364da2661108
87	http://secunia.com/advisories/27186	af854a3a-2127-422b-91ae-364da2661108
88	http://secunia.com/advisories/27205	af854a3a-2127-422b-91ae-364da2661108
89	http://secunia.com/advisories/27217	af854a3a-2127-422b-91ae-364da2661108
90	http://secunia.com/advisories/27229	af854a3a-2127-422b-91ae-364da2661108
91	http://secunia.com/advisories/27330	af854a3a-2127-422b-91ae-364da2661108
92	http://secunia.com/advisories/27394	af854a3a-2127-422b-91ae-364da2661108
93	http://secunia.com/advisories/27851	af854a3a-2127-422b-91ae-364da2661108
94	http://secunia.com/advisories/27870	af854a3a-2127-422b-91ae-364da2661108
95	http://secunia.com/advisories/27961	af854a3a-2127-422b-91ae-364da2661108
96	http://secunia.com/advisories/28368	af854a3a-2127-422b-91ae-364da2661108
97	http://secunia.com/advisories/29242	af854a3a-2127-422b-91ae-364da2661108
98	http://secunia.com/advisories/30124	af854a3a-2127-422b-91ae-364da2661108
99	http://secunia.com/advisories/30161	af854a3a-2127-422b-91ae-364da2661108
100	http://secunia.com/advisories/31308	af854a3a-2127-422b-91ae-364da2661108
101	http://secunia.com/advisories/31326	af854a3a-2127-422b-91ae-364da2661108
102	http://secunia.com/advisories/31467	af854a3a-2127-422b-91ae-364da2661108
103	http://secunia.com/advisories/31489	af854a3a-2127-422b-91ae-364da2661108
104	http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc	af854a3a-2127-422b-91ae-364da2661108
105	http://security.gentoo.org/glsa/glsa-200710-06.xml	af854a3a-2127-422b-91ae-364da2661108
106	http://securityreason.com/securityalert/3179	af854a3a-2127-422b-91ae-364da2661108
107	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1	af854a3a-2127-422b-91ae-364da2661108
108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1	af854a3a-2127-422b-91ae-364da2661108
109	http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm	af854a3a-2127-422b-91ae-364da2661108
110	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241	af854a3a-2127-422b-91ae-364da2661108
111	http://www.debian.org/security/2007/dsa-1379	af854a3a-2127-422b-91ae-364da2661108
112	http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	af854a3a-2127-422b-91ae-364da2661108
113	http://www.mandriva.com/security/advisories?name=MDKSA-2007:193	af854a3a-2127-422b-91ae-364da2661108
114	http://www.novell.com/linux/security/advisories/2007_20_sr.html	af854a3a-2127-422b-91ae-364da2661108
115	http://www.openbsd.org/errata40.html	af854a3a-2127-422b-91ae-364da2661108
116	http://www.openbsd.org/errata41.html	af854a3a-2127-422b-91ae-364da2661108
117	http://www.openbsd.org/errata42.html	af854a3a-2127-422b-91ae-364da2661108
118	http://www.openssl.org/news/secadv_20071012.txt	af854a3a-2127-422b-91ae-364da2661108
119	http://www.redhat.com/support/errata/RHSA-2007-0813.html	af854a3a-2127-422b-91ae-364da2661108
120	http://www.redhat.com/support/errata/RHSA-2007-0964.html	af854a3a-2127-422b-91ae-364da2661108
121	http://www.redhat.com/support/errata/RHSA-2007-1003.html	af854a3a-2127-422b-91ae-364da2661108
122	http://www.securityfocus.com/archive/1/480855/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
123	http://www.securityfocus.com/archive/1/481217/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
124	http://www.securityfocus.com/archive/1/481488/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
125	http://www.securityfocus.com/archive/1/481506/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
126	http://www.securityfocus.com/archive/1/484353/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
127	http://www.securityfocus.com/archive/1/485936/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
128	http://www.securityfocus.com/archive/1/486859/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
129	http://www.securityfocus.com/bid/25831	af854a3a-2127-422b-91ae-364da2661108
130	http://www.securitytracker.com/id?1018755	af854a3a-2127-422b-91ae-364da2661108
131	http://www.vmware.com/security/advisories/VMSA-2008-0001.html	af854a3a-2127-422b-91ae-364da2661108
132	http://www.vmware.com/security/advisories/VMSA-2008-0013.html	af854a3a-2127-422b-91ae-364da2661108
133	http://www.vupen.com/english/advisories/2007/3325	af854a3a-2127-422b-91ae-364da2661108
134	http://www.vupen.com/english/advisories/2007/3625	af854a3a-2127-422b-91ae-364da2661108
135	http://www.vupen.com/english/advisories/2007/4042	af854a3a-2127-422b-91ae-364da2661108
136	http://www.vupen.com/english/advisories/2007/4144	af854a3a-2127-422b-91ae-364da2661108
137	http://www.vupen.com/english/advisories/2008/0064	af854a3a-2127-422b-91ae-364da2661108
138	http://www.vupen.com/english/advisories/2008/2268	af854a3a-2127-422b-91ae-364da2661108
139	http://www.vupen.com/english/advisories/2008/2361	af854a3a-2127-422b-91ae-364da2661108
140	http://www.vupen.com/english/advisories/2008/2362	af854a3a-2127-422b-91ae-364da2661108
141	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037	af854a3a-2127-422b-91ae-364da2661108
142	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038	af854a3a-2127-422b-91ae-364da2661108
143	https://bugs.gentoo.org/show_bug.cgi?id=194039	af854a3a-2127-422b-91ae-364da2661108
144	https://exchange.xforce.ibmcloud.com/vulnerabilities/36837	af854a3a-2127-422b-91ae-364da2661108
145	https://issues.rpath.com/browse/RPL-1769	af854a3a-2127-422b-91ae-364da2661108
146	https://issues.rpath.com/browse/RPL-1770	af854a3a-2127-422b-91ae-364da2661108
147	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904	af854a3a-2127-422b-91ae-364da2661108
148	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337	af854a3a-2127-422b-91ae-364da2661108
149	https://usn.ubuntu.com/522-1/	af854a3a-2127-422b-91ae-364da2661108
150	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*