CVE-2006-3738

Name	CVE-2006-3738
Description	Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1185-2, DSA-1195-1
Debian Bugs	389940

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssl (PTS)	bullseye	1.1.1w-0+deb11u1	fixed
	bullseye (security)	1.1.1w-0+deb11u2	fixed
	bookworm	3.0.15-1~deb12u1	fixed
	bookworm (security)	3.0.14-1~deb12u2	fixed
	sid, trixie	3.3.2-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openssl	source	sarge	0.9.7e-3sarge4		DSA-1185-2
openssl	source	(unstable)	0.9.8c-2			389940
openssl096	source	sarge	0.9.6m-1sarge4		DSA-1195-1
openssl096	source	(unstable)	(unfixed)
openssl097	source	(unstable)	0.9.7k-2