purl | pkg:openssl/openssl@0.9.7b |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-31sj-sdmb-aaaq Aliases: CVE-2006-2937, VC-OPENSSL-20060928-CVE-2006-2937 | During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-3j45-cwzm-aaam Aliases: CVE-2006-3738, VC-OPENSSL-20060928-CVE-2006-3738 | A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-6qtp-pd6p-aaaf Aliases: CVE-2004-0112, VC-OPENSSL-20040317-CVE-2004-0112 | A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. | Affected by 7 other vulnerabilities. |
VCID-j94u-8tzs-aaab Aliases: CVE-2003-0545, VC-OPENSSL-20030930-CVE-2003-0545 | Certain ASN.1 encodings that were rejected as invalid by the parser could trigger a bug in the deallocation of the corresponding data structure, corrupting the stack, leading to a crash. | Affected by 9 other vulnerabilities. |
VCID-jpd6-6mb9-aaam Aliases: CVE-2006-2940, VC-OPENSSL-20060928-CVE-2006-2940 | Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-p6x2-eazm-aaae Aliases: CVE-2004-0975, VC-OPENSSL-20040930-CVE-2004-0975 | The der_chop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant der_chop script, and this script was removed from the OpenSSL distribution. | Affected by 6 other vulnerabilities. |
VCID-rbtq-713d-aaap Aliases: CVE-2006-4343, VC-OPENSSL-20060928-CVE-2006-4343 | A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. | Affected by 0 other vulnerabilities. Affected by 56 other vulnerabilities. |
VCID-sff8-8d57-aaac Aliases: CVE-2003-0543, VC-OPENSSL-20030930-CVE-2003-0543 | An integer overflow could allow remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | Affected by 9 other vulnerabilities. |
VCID-tjnv-wy4x-aaaa Aliases: CVE-2004-0079, VC-OPENSSL-20040317-CVE-2004-0079 | The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause a crash. | Affected by 7 other vulnerabilities. |
VCID-vkat-mpxv-aaad Aliases: CVE-2006-4339, VC-OPENSSL-20060905-CVE-2006-4339 | Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures where under certain circumstances it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by OpenSSL. | Affected by 4 other vulnerabilities. Affected by 60 other vulnerabilities. |
VCID-ye43-arpb-aaab Aliases: CVE-2005-2969, VC-OPENSSL-20051011-CVE-2005-2969 | A deprecated option, SSL_OP_MSIE_SSLV2_RSA_PADDING, could allow an attacker acting as a "man in the middle" to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. | Affected by 5 other vulnerabilities. Affected by 61 other vulnerabilities. |
VCID-zufg-a7kh-aaak Aliases: CVE-2003-0544, VC-OPENSSL-20030930-CVE-2003-0544 | Incorrect tracking of the number of characters in certain ASN.1 inputs could allow remote attackers to cause a denial of service (crash) by sending an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | Affected by 9 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-dfg7-5zwk-aaan | The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack" | CVE-2003-0131, VC-OPENSSL-20030319-CVE-2003-0131 |
VCID-fq9y-x2ae-aaac | RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | CVE-2003-0147, VC-OPENSSL-20030314-CVE-2003-0147 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-01-03T20:01:48.687209+00:00 | OpenSSL Importer | Affected by | VCID-rbtq-713d-aaap | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.503636+00:00 | OpenSSL Importer | Affected by | VCID-3j45-cwzm-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.319522+00:00 | OpenSSL Importer | Affected by | VCID-jpd6-6mb9-aaam | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.211884+00:00 | OpenSSL Importer | Affected by | VCID-31sj-sdmb-aaaq | https://www.openssl.org/news/secadv/20060928.txt | 34.0.0rc1 |
2024-01-03T20:01:48.039490+00:00 | OpenSSL Importer | Affected by | VCID-vkat-mpxv-aaad | https://www.openssl.org/news/secadv/20060905.txt | 34.0.0rc1 |
2024-01-03T20:01:47.891241+00:00 | OpenSSL Importer | Affected by | VCID-ye43-arpb-aaab | https://www.openssl.org/news/secadv/20051011.txt | 34.0.0rc1 |
2024-01-03T20:01:47.764807+00:00 | OpenSSL Importer | Affected by | VCID-p6x2-eazm-aaae | https://www.openssl.org/news/vulnerabilities.xml | 34.0.0rc1 |
2024-01-03T20:01:47.724714+00:00 | OpenSSL Importer | Affected by | VCID-6qtp-pd6p-aaaf | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
2024-01-03T20:01:47.650397+00:00 | OpenSSL Importer | Affected by | VCID-tjnv-wy4x-aaaa | https://www.openssl.org/news/secadv/20040317.txt | 34.0.0rc1 |
2024-01-03T20:01:47.530170+00:00 | OpenSSL Importer | Affected by | VCID-j94u-8tzs-aaab | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
2024-01-03T20:01:47.431634+00:00 | OpenSSL Importer | Affected by | VCID-zufg-a7kh-aaak | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
2024-01-03T20:01:47.400140+00:00 | OpenSSL Importer | Affected by | VCID-sff8-8d57-aaac | https://www.openssl.org/news/secadv/20030930.txt | 34.0.0rc1 |
2024-01-03T20:01:47.309494+00:00 | OpenSSL Importer | Fixing | VCID-fq9y-x2ae-aaac | https://www.openssl.org/news/secadv/20030317.txt | 34.0.0rc1 |
2024-01-03T20:01:47.222356+00:00 | OpenSSL Importer | Fixing | VCID-dfg7-5zwk-aaan | https://www.openssl.org/news/secadv/20030319.txt | 34.0.0rc1 |