Search for packages
| purl | pkg:openssl/openssl@0.9.6l |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3j45-cwzm-aaam
Aliases: CVE-2006-3738 VC-OPENSSL-20060928-CVE-2006-3738 |
A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-jpd6-6mb9-aaam
Aliases: CVE-2006-2940 VC-OPENSSL-20060928-CVE-2006-2940 |
Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-p6x2-eazm-aaae
Aliases: CVE-2004-0975 VC-OPENSSL-20040930-CVE-2004-0975 |
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution. |
Affected by 6 other vulnerabilities. |
|
VCID-rbtq-713d-aaap
Aliases: CVE-2006-4343 VC-OPENSSL-20060928-CVE-2006-4343 |
A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-tjnv-wy4x-aaaa
Aliases: CVE-2004-0079 VC-OPENSSL-20040317-CVE-2004-0079 |
The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. |
Affected by 6 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-vkat-mpxv-aaad
Aliases: CVE-2006-4339 VC-OPENSSL-20060905-CVE-2006-4339 |
Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. |
Affected by 4 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
VCID-ye43-arpb-aaab
Aliases: CVE-2005-2969 VC-OPENSSL-20051011-CVE-2005-2969 |
A deprecated option, SSL_OP_MISE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. |
Affected by 5 other vulnerabilities. Affected by 61 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-k1qf-cb5w-aaaj | A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences which would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them. |
CVE-2003-0851
VC-OPENSSL-20031104-CVE-2003-0851 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:48.835689+00:00 | OpenSSL Importer | Affected by | VCID-rbtq-713d-aaap | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.653057+00:00 | OpenSSL Importer | Affected by | VCID-3j45-cwzm-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.467046+00:00 | OpenSSL Importer | Affected by | VCID-jpd6-6mb9-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.178368+00:00 | OpenSSL Importer | Affected by | VCID-vkat-mpxv-aaad | https://www.openssl.org/news/secadv/20060905.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.005645+00:00 | OpenSSL Importer | Affected by | VCID-ye43-arpb-aaab | https://www.openssl.org/news/secadv/20051011.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.852654+00:00 | OpenSSL Importer | Affected by | VCID-p6x2-eazm-aaae | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
| 2024-01-03T20:01:47.624529+00:00 | OpenSSL Importer | Affected by | VCID-tjnv-wy4x-aaaa | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.559788+00:00 | OpenSSL Importer | Fixing | VCID-k1qf-cb5w-aaaj | https://www.openssl.org/news/secadv/20031104.txt | 34.0.0rc1 |