VulnerableCode Package Details - pkg:ebuild/dev-libs/openssl@0.9.8f

Search for packages

Vulnerability	Summary	Fixed by
VCID-8ev4-wfhv-aaah Aliases: CVE-2008-0891 VC-OPENSSL-20080528-CVE-2008-0891	Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash.	0.9.8g-r2 Affected by 0 other vulnerabilities.
VCID-cfsd-mafb-aaaq Aliases: CVE-2008-1672 VC-OPENSSL-20080528-CVE-2008-1672	Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.	0.9.8g-r2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8ev4-wfhv-aaah
Aliases:
CVE-2008-0891
VC-OPENSSL-20080528-CVE-2008-0891

Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash.

0.9.8g-r2
Affected by 0 other vulnerabilities.

VCID-cfsd-mafb-aaaq
Aliases:
CVE-2008-1672
VC-OPENSSL-20080528-CVE-2008-1672

Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.

0.9.8g-r2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-k31u-myhz-aaan	A flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified.	CVE-2007-4995 VC-OPENSSL-20071012-CVE-2007-4995

Vulnerability

Summary

Aliases

VCID-k31u-myhz-aaan

A flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified.

CVE-2007-4995
VC-OPENSSL-20071012-CVE-2007-4995

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T13:10:12.290766+00:00	Gentoo Importer	Fixing	VCID-k31u-myhz-aaan	https://security.gentoo.org/glsa/200710-30	36.0.0
2025-03-28T12:38:41.319300+00:00	Gentoo Importer	Affected by	VCID-cfsd-mafb-aaaq	https://security.gentoo.org/glsa/200806-08	36.0.0
2025-03-28T12:38:41.301738+00:00	Gentoo Importer	Affected by	VCID-8ev4-wfhv-aaah	https://security.gentoo.org/glsa/200806-08	36.0.0
2024-09-18T08:04:26.154927+00:00	Gentoo Importer	Fixing	VCID-k31u-myhz-aaan	https://security.gentoo.org/glsa/200710-30	34.0.1
2024-09-18T07:32:24.242516+00:00	Gentoo Importer	Affected by	VCID-cfsd-mafb-aaaq	https://security.gentoo.org/glsa/200806-08	34.0.1
2024-09-18T07:32:24.216302+00:00	Gentoo Importer	Affected by	VCID-8ev4-wfhv-aaah	https://security.gentoo.org/glsa/200806-08	34.0.1
2024-01-04T02:09:04.916312+00:00	Gentoo Importer	Fixing	VCID-k31u-myhz-aaan	https://security.gentoo.org/glsa/200710-30	34.0.0rc1
2024-01-04T01:38:51.621629+00:00	Gentoo Importer	Affected by	VCID-cfsd-mafb-aaaq	https://security.gentoo.org/glsa/200806-08	34.0.0rc1
2024-01-04T01:38:51.600920+00:00	Gentoo Importer	Affected by	VCID-8ev4-wfhv-aaah	https://security.gentoo.org/glsa/200806-08	34.0.0rc1