Search for packages
| purl | pkg:openssl/openssl@0.9.7d |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-31sj-sdmb-aaaq
Aliases: CVE-2006-2937 VC-OPENSSL-20060928-CVE-2006-2937 |
During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-3j45-cwzm-aaam
Aliases: CVE-2006-3738 VC-OPENSSL-20060928-CVE-2006-3738 |
A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-jpd6-6mb9-aaam
Aliases: CVE-2006-2940 VC-OPENSSL-20060928-CVE-2006-2940 |
Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-p6x2-eazm-aaae
Aliases: CVE-2004-0975 VC-OPENSSL-20040930-CVE-2004-0975 |
The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution. |
Affected by 6 other vulnerabilities. |
|
VCID-rbtq-713d-aaap
Aliases: CVE-2006-4343 VC-OPENSSL-20060928-CVE-2006-4343 |
A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. |
Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
|
VCID-vkat-mpxv-aaad
Aliases: CVE-2006-4339 VC-OPENSSL-20060905-CVE-2006-4339 |
Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. |
Affected by 4 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
VCID-ye43-arpb-aaab
Aliases: CVE-2005-2969 VC-OPENSSL-20051011-CVE-2005-2969 |
A deprecated option, SSL_OP_MISE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. |
Affected by 5 other vulnerabilities. Affected by 61 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6qtp-pd6p-aaaf | A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. |
CVE-2004-0112
VC-OPENSSL-20040317-CVE-2004-0112 |
| VCID-tjnv-wy4x-aaaa | The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. |
CVE-2004-0079
VC-OPENSSL-20040317-CVE-2004-0079 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:48.696790+00:00 | OpenSSL Importer | Affected by | VCID-rbtq-713d-aaap | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.513099+00:00 | OpenSSL Importer | Affected by | VCID-3j45-cwzm-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.328814+00:00 | OpenSSL Importer | Affected by | VCID-jpd6-6mb9-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.221259+00:00 | OpenSSL Importer | Affected by | VCID-31sj-sdmb-aaaq | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
| 2024-01-03T20:01:48.048827+00:00 | OpenSSL Importer | Affected by | VCID-vkat-mpxv-aaad | https://www.openssl.org/news/secadv/20060905.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.900761+00:00 | OpenSSL Importer | Affected by | VCID-ye43-arpb-aaab | https://www.openssl.org/news/secadv/20051011.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.774109+00:00 | OpenSSL Importer | Affected by | VCID-p6x2-eazm-aaae | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
| 2024-01-03T20:01:47.734343+00:00 | OpenSSL Importer | Fixing | VCID-6qtp-pd6p-aaaf | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
| 2024-01-03T20:01:47.659838+00:00 | OpenSSL Importer | Fixing | VCID-tjnv-wy4x-aaaa | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |