Search for packages
| purl | pkg:openssl/openssl@0.9.7c |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-31sj-sdmb-aaaq
Aliases: CVE-2006-2937 VC-OPENSSL-20060928-CVE-2006-2937 |
During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-3j45-cwzm-aaam
Aliases: CVE-2006-3738 VC-OPENSSL-20060928-CVE-2006-3738 |
A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-6qtp-pd6p-aaaf
Aliases: CVE-2004-0112 VC-OPENSSL-20040317-CVE-2004-0112 |
A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. |
Affected by 7 other vulnerabilities. |
|
VCID-jpd6-6mb9-aaam
Aliases: CVE-2006-2940 VC-OPENSSL-20060928-CVE-2006-2940 |
Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-p6x2-eazm-aaae
Aliases: CVE-2004-0975 VC-OPENSSL-20040930-CVE-2004-0975 |
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution. |
Affected by 6 other vulnerabilities. |
|
VCID-rbtq-713d-aaap
Aliases: CVE-2006-4343 VC-OPENSSL-20060928-CVE-2006-4343 |
A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-tjnv-wy4x-aaaa
Aliases: CVE-2004-0079 VC-OPENSSL-20040317-CVE-2004-0079 |
The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. |
Affected by 7 other vulnerabilities. |
|
VCID-vkat-mpxv-aaad
Aliases: CVE-2006-4339 VC-OPENSSL-20060905-CVE-2006-4339 |
Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. |
Affected by 4 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
VCID-ye43-arpb-aaab
Aliases: CVE-2005-2969 VC-OPENSSL-20051011-CVE-2005-2969 |
A deprecated option, SSL_OP_MISE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. |
Affected by 5 other vulnerabilities. Affected by 61 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-j94u-8tzs-aaab | Certain ASN.1 encodings that were rejected as invalid by the parser could trigger a bug in the deallocation of the corresponding data structure, corrupting the stack, leading to a crash. |
CVE-2003-0545
VC-OPENSSL-20030930-CVE-2003-0545 |
| VCID-sff8-8d57-aaac | An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. |
CVE-2003-0543
VC-OPENSSL-20030930-CVE-2003-0543 |
| VCID-zufg-a7kh-aaak | Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. |
CVE-2003-0544
VC-OPENSSL-20030930-CVE-2003-0544 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:48.691932+00:00 | OpenSSL Importer | Affected by | VCID-rbtq-713d-aaap | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.508365+00:00 | OpenSSL Importer | Affected by | VCID-3j45-cwzm-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.324224+00:00 | OpenSSL Importer | Affected by | VCID-jpd6-6mb9-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.216713+00:00 | OpenSSL Importer | Affected by | VCID-31sj-sdmb-aaaq | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.044218+00:00 | OpenSSL Importer | Affected by | VCID-vkat-mpxv-aaad | https://www.openssl.org/news/secadv/20060905.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.895936+00:00 | OpenSSL Importer | Affected by | VCID-ye43-arpb-aaab | https://www.openssl.org/news/secadv/20051011.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.769505+00:00 | OpenSSL Importer | Affected by | VCID-p6x2-eazm-aaae | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
| 2024-01-03T20:01:47.729704+00:00 | OpenSSL Importer | Affected by | VCID-6qtp-pd6p-aaaf | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.655149+00:00 | OpenSSL Importer | Affected by | VCID-tjnv-wy4x-aaaa | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.534879+00:00 | OpenSSL Importer | Fixing | VCID-j94u-8tzs-aaab | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.436345+00:00 | OpenSSL Importer | Fixing | VCID-zufg-a7kh-aaak | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.404739+00:00 | OpenSSL Importer | Fixing | VCID-sff8-8d57-aaac | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |