VulnerableCode Package Details - pkg:ebuild/dev-libs/openssl@0.9.7d

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6qtp-pd6p-aaaf	A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected.	CVE-2004-0112 VC-OPENSSL-20040317-CVE-2004-0112
VCID-cs8h-mu82-aaaj	The Codenomicon TLS Test Tool found that some unknown message types were handled incorrectly, allowing a remote attacker to cause a denial of service (infinite loop).	CVE-2004-0081 VC-OPENSSL-20040317-CVE-2004-0081
VCID-tjnv-wy4x-aaaa	The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash.	CVE-2004-0079 VC-OPENSSL-20040317-CVE-2004-0079

Vulnerability

Summary

Aliases

VCID-6qtp-pd6p-aaaf

A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected.

CVE-2004-0112
VC-OPENSSL-20040317-CVE-2004-0112

VCID-cs8h-mu82-aaaj

The Codenomicon TLS Test Tool found that some unknown message types were handled incorrectly, allowing a remote attacker to cause a denial of service (infinite loop).

CVE-2004-0081
VC-OPENSSL-20040317-CVE-2004-0081

VCID-tjnv-wy4x-aaaa

The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash.

CVE-2004-0079
VC-OPENSSL-20040317-CVE-2004-0079

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T12:39:52.292902+00:00	Gentoo Importer	Fixing	VCID-6qtp-pd6p-aaaf	https://security.gentoo.org/glsa/200403-03	36.0.0
2025-03-28T12:39:52.263634+00:00	Gentoo Importer	Fixing	VCID-cs8h-mu82-aaaj	https://security.gentoo.org/glsa/200403-03	36.0.0
2025-03-28T12:39:52.234402+00:00	Gentoo Importer	Fixing	VCID-tjnv-wy4x-aaaa	https://security.gentoo.org/glsa/200403-03	36.0.0
2024-09-18T07:33:40.117093+00:00	Gentoo Importer	Fixing	VCID-6qtp-pd6p-aaaf	https://security.gentoo.org/glsa/200403-03	34.0.1
2024-09-18T07:33:40.080174+00:00	Gentoo Importer	Fixing	VCID-cs8h-mu82-aaaj	https://security.gentoo.org/glsa/200403-03	34.0.1
2024-09-18T07:33:40.041690+00:00	Gentoo Importer	Fixing	VCID-tjnv-wy4x-aaaa	https://security.gentoo.org/glsa/200403-03	34.0.1
2024-01-04T01:40:03.114785+00:00	Gentoo Importer	Fixing	VCID-6qtp-pd6p-aaaf	https://security.gentoo.org/glsa/200403-03	34.0.0rc1
2024-01-04T01:40:03.075288+00:00	Gentoo Importer	Fixing	VCID-cs8h-mu82-aaaj	https://security.gentoo.org/glsa/200403-03	34.0.0rc1
2024-01-04T01:40:03.039365+00:00	Gentoo Importer	Fixing	VCID-tjnv-wy4x-aaaa	https://security.gentoo.org/glsa/200403-03	34.0.0rc1